1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. About Us
  3. Pressroom
  4. News
  5. 2006
  6. May 16

Poker gamers targeted by a rootkit backdoor


May 16, 2006:

An online poker backdoor, covertly storing gamblers’ information for potential theft has been uncovered by F-Secure rootkit detection technology, Blacklight. Rootkits are used by malware authors to hide malicious software.The online tool RBCalc.exe, also known as a Rakeback calculator, has been distributed from a gaming site Checkraised.com.
 
The backdoor, a method for securing illegal remote access to a computer was created by silently dropping four executable files into the user’s computer and using a rootkit driver to conceal the operation. With this in place, the tool’s author could access login information from the user's computer for various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker could then play poker against himself, losing on purpose and reaping the rewards.

Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.

Speaking about the case, Kimmo Kasslin, a researcher at F-Secure’s Data Security Laboratory said: Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money. What is significant is the fact that this particular scam was hosted, albeit unwittingly on a legitimate site and used rootkit technology to cloak itself. Without our unique Blacklight technology to detect it, many online gamblers could have become victims of this exploit.

Kasslin continued: Malware authors are increasingly wise to standard antivirus and intrusion techniques and are constantly looking for a new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure’s software does.

F-Secure advises those who have downloaded and executed this binary provided by checkraised.com, to check their systems immediately for possible infection. A free scan is available from our new F-Secure Online Scanner Next Generation Beta, which also now has rootkit detection capabilities through the F-Secure BlackLight engine.

For a technical description and for a screenshot of the malicious RBCalc application:
http://www.f-secure.com/v-descs/small_la.shtml 

For F-Secure Internet Security 2006 with with Blacklight technology:
http://www.f-secure.com/estore/ 
 
To get the free scan go to:
http://support.f-secure.com/enu/home/ols3.shtml

For more information


Mikko Hypponen, Chief Research Officer
Mobile: +358 (0)40 064 8180
Fax: +358 (0)9 2520 5001
Email: firstname.lastname@f-secure.com

BE SURE