Trojan Horse Threat Hits Poker Networks

by Lou on May 22, 2006

This must be the virus season. Earlier we reported about a rootkit used to secure remote access to poker players’ accounts who used a rakeback calculator inadvertently distributed by Checkraised.com and designed for use on PartyPoker and other large sites.

Now it seems that a possible virus could have infected hundreds of machines. A Ladbrokes Poker employee is alleged to have stolen $30,000,000 from player accounts. Players received a message from Ladbrokes telling them of the theft, but stating that their accounts are OK.

Betfair players were recently advised to visit the BBC website via pop-up message in regards to an employee fraud. It was not the BBC’s website they reached, but an unwanted virus.

Betfair responded by saying, “An internet hoax directing internet users to a bogus BBC site, purporting to be a story about a Betfair scam contained links to a virus. While the story was malicious and entirely untrue, some links downloaded a “Trojan Horse,” a program potentially enabling a hacker to access a victim’s computer.”

Once again, we advise all readers to take all precautions online and only opening links from trustworthy sources. With the incredible growth of online gaming, the proliferation of scams and scammers is likely to get worse before it gets better.

For any readers who might have used the rakeback calculator distributed by Checkraised.com, F-Secure advises checking your systems for possible infection. A free scan is available from F-Secure’s Online Scanner Next Generation Beta, which has rootkit detection capabilities through the F-Secure BlackLight engine.
Checkraised.com (http://www.checkraised.com/site/apps/rbcalc/rbcalc.php) has set up a page to explain their view of the situation. The page also contains step-by-step instructions for manually removing the malware.
To view the full statement issued by Checkraised.com, go to: http://www.checkraised.com/site/apps/rbcalc/rbcalc.php

For a technical description and for a screenshot of the malicious RBCalc
application: http://www.f-secure.com/v-descs/small_la.shtml

For F-Secure Internet Security 2006 with with Blacklight technology:
http://www.f-secure.com/estore/

Comments on this entry are closed.

Previous post:

Next post: