A Trojan which drops four executable files into a users computer and conceals itself using a rootkit driver has been discovered on the Poker tips web site Checkraised.com.
The Trojan was used to access personal information on the users computer, including login details for online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. The hacker would then login to the poker site in questions and then play poker against himself, losing on purpose and pocketing the takings.
Once the Trojan was discovered Checkraised.com removed the Trojan exe file from its site and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.
Speaking about the case, Kimmo Kasslin, a researcher at F-Secure's Data Security Laboratory said: “Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.”
Kasslin continued: “Malware authors are increasingly wise to standard antivirus and intrusion techniques and are constantly looking for a new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure's software does.”
F-Secure advises those who have downloaded and executed this binary provided by checkraised.com, to check their systems immediately for possible infection. A free scan is available from our new F-Secure Online Scanner Next Generation Beta, which also now has rootkit detection capabilities through the F-Secure BlackLight engine.
To view the full statement issued by Checkraised.com, go to: http://www.checkraised.com/site/apps/rbcalc/rbcalc.php
For a technical description and for a screenshot of the malicious RBCalc application: http://www.f-secure.com/v-descs/small_la.shtml |
|
