Virus plays fast and loose with online poker
By Matt Whipp
Posted on 16 May 2006 at 15:14
A rootkit virus - one which is hidden from the very operating system of a computer - has been discovered in a program designed to help online poker players tot up monies owed them by casinos after games.
Checkraised.com stopped distributing its Rakeback Calculator after it was discovered that versions of the software secretly installed components that gave the author remote access to login information for a variety of websites, including Partypoker, Empirepoker, Eurobetpoker and Pokernow.
Potentially, the author could log in to these accounts and set up a poker game against him/herself, ensuring that the victim would lose.
The components were hidden by a rootkit driver that essentially tells Windows to ignore these files, rendering them invisible to applications, including security programs such as Norton Antivirus. Indeed, Checkraised.com says that when the developer built the application, each version would be submitted to the company via email and scanned for viruses. Yet the rootkit code remained undetected.
However, Finnish security company F-Secure's Blacklight rootkit detection utility found the malicious software. Checkraised.com says it has now reported the findings to other antivirus companies, such as CERT, Symantec, McAfee, and TrendMicro.
Checkraised.com is advising users to change all poker site passwords and to check their computers for evidence of the infection, adding that the code may have been bundled into other applications which have nothing to do with the company.
It says it will no longer develop executable applications and that future programming will be done in-house.
Kimmo Kasslin, a researcher at F-Secure's Data Security Laboratory, said: 'Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.'
For manual instructions for checking and removing the rbcalc.exe files, visit the Checkraised.com website. The company claims that its other properties are not affected by the issue.
For more information on F-Secure's Blacklight rootkit detection technology, visit F-Secure.com/Blacklight.
