What Next? The Poker Rootkit of Course!

The New Acunetix V12 Engine


Ok so the list gets even BIGGER, after the WoW Trojan, Trojan for World Cup Fans, Ransomeware and the buy a spyware kit story

Now we proudly present, the Poker Rootkit!

For online poker players, this was always going to be a losing hand.

A Trojan with malicious rootkit features hidden in a legitimate software package distributed by online gaming tools vendor Check Raised has the ability to hijack log-in information for multiple online poker Web sites, according to a warning from Finnish security vendor F-Secure.

The spying Trojan, identified as Backdoor.Win32.Small.la, was built into a Rakeback calculator application (RBCalc.exe) distributed by Check Raised to help online poker players keep track of scaled commission fees taken by the Web site operator.

Pretty clever stuff.

When the spying component is initialized, it starts a keystroke logger and connects to a remote server that is programmed to send instructions to the infected machines. The instructions range from the downloading of executable files, the uploading of stolen information, the shutdown of the Trojan and the ability to send application screenshots.

The backdoor also sends out sensitive information to remote servers, including keylogger database, computer name, and the username and password of several online poker programs.

What I thought was really clever was the way in which the application took money from users, it’s not direct, it’s very smart in fact!

An anti-virus company says the rootkit is particularly malicious because the hacker could take a victim’s money without making it look stolen — by using the passwords to log on to a poker site, then playing very badly against players controlled by the hacker. The victims are then left with little recourse, since it looks like they just lost their money during normal play.

Smart stuff.

Source: eWeek

Posted in: Malware

, , , , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


Comments are closed.