Poker gamers targeted by a rootkit backdoor
05/19/2006

Helsinki, Finland - May 16, 2006 -- An online poker backdoor, covertly storing gamblers’ information for potential theft, has been uncovered by F-Secure's rootkit detection technology, Blacklight. Rootkits are used by malware authors to hide malicious software. The online tool RBCalc.exe, also known as a Rakeback calculator, has been distributed from the gaming site Checkraised.com. The backdoor, a method for securing illegal remote access to a computer, was created by silently dropping four executable files onto the user’s computer and using a rootkit driver to conceal the operation.

With this in place, the tool’s author could access login information from the user's computer for various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.

Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.

Speaking about the case, Kimmo Kasslin, a researcher at F-Secure’s Data Security Laboratory, said: “Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.”

Kasslin continued: “Malware authors are increasingly wise to standard antivirus and intrusion techniques and are constantly looking for new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure’s software does.”

F-Secure advises those who have downloaded and executed this binary provided by checkraised.com to check their systems immediately for possible infection. A free scan is available from our new F-Secure Online Scanner Next Generation Beta, which also now has rootkit detection capabilities through the F-Secure BlackLight engine.

For a technical description and for a screenshot of the malicious RBCalc application: http://www.f-secure.com/v-descs/small_la.shtml

For F-Secure Internet Security 2006 with Blacklight technology: http://www.f-secure.com/estore/
poster: Staff


©2005-2009 Lifeofsports.com All Rights Reserved