Virus plays fast and loose with online poker
3:14PM, Tuesday 16th May 2006
A rootkit virus - one which is hidden from the very operating system of a computer - has been discovered in a program designed to help online poker players tot up monies owed them by casinos after games.

Checkraised.com stopped distributing its Rakeback Calculator after it was discovered that versions of the software secretly installed components that gave the author remote access to login information for a variety of websites, including Partypoker, Empirepoker, Eurobetpoker and Pokernow.

Potentially, the author could log in to these accounts and set up a poker game against him/herself, ensuring that the victim would lose.

The components were hidden by a rootkit driver that essentially tells Windows to ignore these files, rendering them invisible to applications, including security programs such as Norton Antivirus. Indeed Checkraised.com says that when the developer built the application, each version would be submitted to the company via email and scanned for viruses. Yet the rootkit code remained undetected.

However, Finnish security company F-Secure's Blacklight rootkit detection utility found the malicious software. Checkraised.com says it has now reported the findings to other antivirus companies, such as CERT, Symantec, McAfee, and TrendMicro.

Checkraised.com is advising users to change all poker site passwords and to check their computers for evidence of the infection, adding that the code may have been bundled into other applications which have nothing to do with the company.

It says it will no longer develop executable applications and that future programming will be done in-house.

Kimmo Kasslin, a researcher at F-Secure's Data Security Laboratory, said: 'Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.'

For manual instructions for checking and removing the rbcalc.exe files, visit the Checkraised.com website. The company claims that its other properties are not affected by the issue.

For more information on F-Secure's Blacklight rootkit detection technology, visit F-Secure.com/Blacklight.
