Skip to main content

more-on-two-factor-authentication-for-gamers

But this time it is poker players.

F-Secure has analysis of a trojan that targets online poker accounts

The purpose of the dropped executables is to collect login information for various online poker websites from the user's computer and send them back to the malware author. In addition, the main malware component was protected by a rootkit driver that hid its process and launch point from registry.

The serious thing here was that RBCalc.exe was distributed by checkraised.com - a website that provides tools, articles and other various applications to all poker players. As a result, many online poker players could have been affected by this targeted attack.

Checkraised.com has removed the file and posted a page about the attack:

In December 2005 we contracted a programmer to create a rake calculator for us. The rake calculator (known as rbcalc, rbcalc.exe) was an executable file that a player would run on his machine to calculate rake from hands he previously played (stored in hand history files or a poker tracker database).

It has recently come to our attention that early versions of this program that we received contained a virus that installs itself every time the user runs rbcalc.

I'm curious to know whether the original programmer is to blame or if it was added later. Also, it has been up for 6 months so I'm surprised no one has been hit yet or at least reported it.

Currently unrated

Recent Posts

Archive

2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom