Poker Players’ Login Details Stolen at Online Websites

by Lou on May 18, 2006

A rakeback calculator, RBCalc.exe, was actually malware used to steal players’ login details at online poker websites that included Partypoker, Empirepoker, Eurobetpoker and Pokernow.

It was discovered on the poker tips website Checkraised.com. A series of executable files was secretly dropped onto the user’s computer and concealed by a rootkit driver, which kept the operation out of the user’s sight.

The scam was uncovered by F-Secure’s Blacklight rootkit detection technology. Once discovered, Checkraised.com issued an apology, removed the file and issued instructions for manually removing the malware.

F-Secure’s Kimmo Kasslin said, “Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.”

Kasslin added, “Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure’s software does.” Whether this last statement is accurate or just a sales message is open for debate, but it is worrisome nevertheless.

More detailed information about this scam is available in a post by Haley Hintze on KickAss Poker and by Wil Wheaton at Card Squad.
