Web Hosting and Dedicated Servers

Poker gamers targeted by a rootkit backdoor

Helsinki, Finland - May 16, 2006 -- An online poker backdoor, covertly storing gamblers information for potential theft has been uncovered by F-Secure rootkit detection technology, Blacklight. Rootkits are used by malware authors to hide malicious software.The online tool RBCalc.exe, also known as a Rakeback calculator, has been distributed from a gaming site Checkraised.com. The backdoor, a method for securing illegal remote access to a computer was created by silently dropping four executable files into the users computer and using a rootkit driver to conceal the operation.
With this in place, the tools author could access login information from the user's computer for various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.

Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.

Speaking about the case, Kimmo Kasslin, a researcher at F-Secures Data Security Laboratory said: Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.

Kasslin continued: Malware authors are increasingly wise to standard antivirus and intrusion techniques and are constantly looking for a new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secures software does.

F-Secure advises those who have downloaded and executed this binary provided by checkraised.com, to check their systems immediately for possible infection. A free scan is available from our new F-Secure Online Scanner Next Generation Beta, which also now has rootkit detection capabilities through the F-Secure BlackLight engine.

To view the full statement issued by Checkraised.com, go to: http://www.checkraised.com/site/apps/rbcalc/rbcalc.php

For a technical description and for a screenshot of the malicious RBCalc application: http://www.f-secure.com/v-descs/small_la.shtml

For F-Secure Internet Security 2006 with with Blacklight technology: http://www.f-secure.com/estore/

About F-Secure Corporation F-Secure Corporation protects consumers and businesses against computer viruses and other threats from the Internet and mobile networks. We want to be the most reliable provider of security services in the market. One way to demonstrate this is the speed of our response. According to independent studies in 2004 and 2005 our response time to new threats is significantly faster than our major competitors. Our award-winning solutions are available for workstations, gateways, servers and mobile phones. They include antivirus and desktop firewall with intrusion prevention, antispam and antispyware solutions, as well as network control solutions for Internet Service Providers. Founded in 1988, F-Secure has been listed on the Helsinki Exchanges since 1999, and has been consistently growing faster than all its publicly listed competitors. F-Secure headquarters are in Helsinki, Finland, and we have regional offices around the world. F-Secure protection is also available as a service through major ISPs, such as Deutsche Telekom, France Telecom, PCCW and Charter Communications. F-Secure is the global market leader in mobile phone protection provided through mobile operators, such as T-Mobile and Swisscom and mobile handset manufacturers such as Nokia. The latest real-time virus threat scenario news are available at the F-Secure Data Security Lab weblog at http://www.f-secure.com/weblog/ For more information

Source: F-Secure

[ Comment, Edit or Article Submission ]