 | Poker gamers targeted by a rootkit backdoor
Heads up online Poker fans. This courtesy of fellow MS MVP dvk01 as he has found some of these in the wild since May 5 so it's out there.
quote: This press release comes from F-Secure. For more information on F-Secure's mailing list policy, see end of message.
PRESS RELEASE
For release May 16, 2006
Poker gamers targeted by a rootkit backdoor
An online poker backdoor, covertly storing gamblers' information for potential theft has been uncovered by F-Secure rootkit detection technology, Blacklight. Rootkits are used by malware authors to hide malicious software. The online tool RBCalc.exe, also known as a Rakeback calculator, has been distributed from a gaming site Checkraised.com.
The backdoor, a method for securing illegal remote access to a computer was created by silently dropping four executable files into the user's computer and using a rootkit driver to conceal the operation. With this in place, the tool's author could access login information from the user's computer for various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.
Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.
Speaking about the case, Kimmo Kasslin, a researcher at F-Secure's Data Security Laboratory said: "Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit."
Kasslin continued: "Malware authors are increasingly wise to standard antivirus and intrusion techniques and are constantly looking for new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure's software does."
F-Secure advises those who have downloaded and executed this binary provided by checkraised.com, to check their systems immediately for possible infection. A free scan is available from our new F-Secure Online Scanner Next Generation Beta, which also now has rootkit detection capabilities through the F-Secure BlackLight engine.
To view the full statement issued by Checkraised.com, go to: »www.checkraised.com/site/apps/rb···calc.php
For a technical description and for a screenshot of the malicious RBCalc application: »www.f-secure.com/v-descs/small_la.shtml
For F-Secure Internet Security 2006 with Blacklight technology: »www.f-secure.com/estore/
-- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 | Seems that gambling tends to attract the criminal element in the cyber world as well as the real world.  |
|
 Link LoggerPremium,MVM join:2001-03-29 Calgary, AB kudos:3 | reply to CalamityJane Remind me again why I don't play online poker.
Good find and notice for anyone who does play.
Blake |
|
 | reply to CalamityJane I see a lot of the poker games installed in the many Hijackthis logs I look at. It's also become a favorite of the younger teens set. Had a parent who found his child had been installing Party Poker behind their back and uninstalling it after playing to hide it. That was on the family PC. I would urge all parents to heads up and make sure you have the kids on Limited User accounts and NOT an admin account. -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 EGeezerSummertimePremium join:2002-08-04 Midwest kudos:7
| reply to CalamityJane The people I see playing online poker in our area are a mix of what folks used to call yuppies, the little old ladies who frequent Bingo nights and the retired guys who used to play with their buddies in the garage.
The gambling sites are right up there with the porn, smileys, free music, ringtones, shade tree search sites and lyrics in terms of distributing crapware. -- Charter member, Harry Lime fan club  |
|
 davePremium,MVM join:2000-05-04 not in ohio kudos:7 | reply to CalamityJane quote: Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.
Hey, that's pretty clever. |
|
 psicopMore human than humanPremium join:2005-12-21 Australia | reply to CalamityJane quote: I would urge all parents to heads up and make sure you have the kids on Limited User accounts and NOT an admin account.
You are too nice! 
I would give them a good flog and ban them from using the PC for a week. Children learn best the hard way. 
G. |
|
 psicopMore human than humanPremium join:2005-12-21 Australia | reply to MrBradTX quote: Seems that gambling tends to attract the criminal element in the cyber world as well as the real world.
And much more for sure!
G. |
|
 | reply to psicop said by psicop: You are too nice! I would give them a good flog and ban them from using the PC for a week. Children learn best the hard way. G.
Well, my point was to do that as a preventative measure now before there is a problem. Don't wait for one of the kids to download something stupid (or dangerous). Because we know kids can do the darndest things. And sadly, may not think about the risks or even be aware of them. LOL, upon reflection, I guess that can be said for users of any age. But yes, the gambling programs and even the gambling sites are dangerous, because they smell of money and that makes the people who visit them prime targets of fraud or exploit. So those who do use the online gambling need to be extra cautious. It's not for newbies. -- It takes a disaster to make a woman out of a female Microsoft MVP/Windows Security 2003-2006 Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
 davePremium,MVM join:2000-05-04 not in ohio kudos:7
| reply to CalamityJane I had an IM that suggested I was joking when I said it was a clever attack. Not at all - I really did think it was a pretty good hack.
After all, what you end up with is the problem of distinguishing (a) some guy whose poker account has been hacked into, and (b) some guy who was a lousy poker player and doesn't want to pay his debts.
The fact that online poker has a slightly disreputable reputation only adds to the cover story.
Just because it's a clever method doesn't mean I approve, of course. |
|
 Link LoggerPremium,MVM join:2001-03-29 Calgary, AB kudos:3
| reply to CalamityJane Reality of the matter is, you don't need a rootkit to fleece someone with online poker. If you're the mark and everyone else at the table is sharing information as to what cards they have and they are running odds generation software based on the shared knowledge, odds are pretty good you're going to lose your money.
Frankly I often have a hard time determining which is lower on the scum meter, porn or gambling.
Blake -- Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool |
|
 ABPremium join:2006-04-04 Leesburg, VA kudos:3
| reply to EGeezer said by EGeezer: The gambling sites are right up there with the porn, smileys, free music, ringtones, shade tree search sites and lyrics in terms of distributing crapware.
Truer words never spoken! No doubt there are a couple of legit sites out there somewhere, but why bother-- the risks of infection are just too great. I can't figure out how that Golden Palace Casino stays in business. Gambling is a secondary operation with them, lagging far behind the distribution of malware (not to mention the tattooing of boxers and the purchasing of Iconic grilled-cheese sandwiches!) Not only that, but the thrill of physically sitting at a poker table, facing actual human opponents, with beautiful women catering to my libationary needs, can never (to me anyway) be duplicated in front of a computer! -- Post first, think later. |
|
 ABPremium join:2006-04-04 Leesburg, VA kudos:3
| reply to Link Logger said by Link Logger: Frankly I often have a hard time determining which is lower on the scum meter, porn or gambling.
That would be gambling. I'm personally unaware of any malware-free gambling sites, but I can steer you towards plenty of safe hot babe sites if you'd like! -- Post first, think later. |
|
 Rogue WolfAte Your Homework, And Framed The Dog join:2003-08-12 Troy, NY | reply to CalamityJane said by CalamityJane: I would urge all parents to heads up and make sure you have the kids on Limited User accounts and NOT an admin account.
I'll tell you what... if I found out that my child was A) gambling online and B) had gotten my computer "owned" through it, the next computer they would be touching would be the one they buy for THEIR own place!
Seriously, between the stacked odds, the cheating and the criminal element looking to empty your wallet however they can, I have to ask- is gambling (online OR off) even worth it? -- Non impediti ratione cogitationis.  |
|
 cubs4evaPremium join:2004-04-29 Aurora, IL | reply to CalamityJane I play online poker on ESPN.com and never have any problems although I admit to being a bit oblivious to malware or whatever it is. ESPN poker is free so not really gambling and if you win enough games you can receive prizes. |
|
 ZZZZZZZPremium join:2001-05-27 PARADISE | reply to CalamityJane I've been playing with Pokerstars software and online @ Pokeroom for months and both are safe with nothing going on in the background!
Both are owned by Mohawk technologies! -- Go Sens Go! |
|
 ABPremium join:2006-04-04 Leesburg, VA kudos:3
| reply to cubs4eva said by cubs4eva: I play online poker on ESPN.com and never have any problems although I admit to being a bit oblivious to malware or whatever it is . . .
ESPN may well be a safe site. Certainly high-profile. But you'd better stop being "oblivious to malware", or you'll wake up one morning with no money left in your bank account, somebody else holding the mortgage on your home, or massive credit-card expenditures that you don't remember making! If you own a computer, you owe it to yourself & to others to become part of the solution, not part of the problem! -- Post first, think later. |
|