
More on two-factor authentication for gamers

But this time it is poker players.

F-Secure has an analysis of a trojan that targets online poker accounts:

The purpose of the dropped executables is to collect login information for various online poker websites from the user's computer and send them back to the malware author. In addition, the main malware component was protected by a rootkit driver that hid its process and launch point from registry.

The serious thing here was that RBCalc.exe was distributed by checkraised.com - a website that provides tools, articles and other various applications to all poker players. As a result, many online poker players could have been affected by this targeted attack.

Checkraised.com has removed the file and posted a page about the attack:

In December 2005 we contracted a programmer to create a rake calculator for us. The rake calculator (known as rbcalc, rbcalc.exe) was an executable file that a player would run on his machine to calculate rake from hands he previously played (stored in hand history files or a poker tracker database).

It has recently come to our attention that early versions of this program that we received contained a virus that installs itself every time the user runs rbcalc.

I'm curious to know whether the original programmer is to blame or if it was added later. Also, it has been up for 6 months so I'm surprised no one has been hit yet or at least reported it.
