Now we proudly present, the Poker Rootkit!
For online poker players, this was always going to be a losing hand.
A Trojan with malicious rootkit features hidden in a legitimate software package distributed by online gaming tools vendor Check Raised has the ability to hijack log-in information for multiple online poker Web sites, according to a warning from Finnish security vendor F-Secure.
The spying Trojan, identified as Backdoor.Win32.Small.la, was built into a Rakeback calculator application (RBCalc.exe) distributed by Check Raised to help online poker players keep track of scaled commission fees taken by the Web site operator.
Pretty clever stuff.
When the spying component is initialized, it starts a keystroke logger and connects to a remote server that is programmed to send instructions to the infected machines. The instructions range from the downloading of executable files, the uploading of stolen information, the shutdown of the Trojan and the ability to send application screenshots.
The backdoor also sends out sensitive information to remote servers, including keylogger database, computer name, and the username and password of several online poker programs.
What I thought was really clever was the way in which the application took money from users, it’s not direct, it’s very smart in fact!
An anti-virus company says the rootkit is particularly malicious because the hacker could take a victim’s money without making it look stolen — by using the passwords to log on to a poker site, then playing very badly against players controlled by the hacker. The victims are then left with little recourse, since it looks like they just lost their money during normal play.