NEWS FROM THE LAB - Wednesday, May 17, 2006

More about the "Poker Rootkit"
Posted by Mikko @ 04:07 GMT

Relating to our earlier post on the RBCalc rootkit, we've received some questions on what the malicious RBCALC.EXE application looked like.

Here are some screenshots:



We've also updated our technical description of this backdoor, complete with a list of poker applications that are targeted:


Stealing money via stolen poker accounts might be hard to prove: an attacker could log in with your stolen account and then play poker badly against himself. Try explaining that to the administrators of the gaming site: "I lost lots of money because somebody logged in as me and then played badly!" - "Yeah, sure they did".

F-Secure Anti-Virus detects this thing as Backdoor.Win32.Small.la. However, this doesn't seem to be a very big problem in the real world.