Thousands of unsuspecting visitors to a popular family website have been tricked into downloading malware.
Visitors to Flowgo who clicked on a pop-up ad running on its humour site were automatically directed to a booby-trapped site called KoolKatalog.
Once at KoolKatalog they were invited to input their email address into a digital slot machine, solve a puzzle and win a prize.
According to virus experts, code in the pages at KoolKatalog exploited a known flaw in an old version of the Java engine of Microsoft's Internet Explorer browser to covertly download files onto visitors' computers.
McAfee researchers have not yet completely worked out what the files do. Some files attach themselves to victims' browsers and covertly monitor the sites they visit while others enable the program's authors to secretly send updates or other files to the infected computer.
An install program switches off the firewall and grabs more files from one of two IntelliTech Web servers, online1net.com and wwws1.com.
Flowgo's owner, eUniverse, said IntelliTech's automatic redirects violated its ad policy, and pulled the pop-ups as soon as it learned what was happening.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago