Main Menu
Top of Page
Top of Page
  | Home   | Index   | Info   | This Week   | Poker   | News   | Email

Welcome to the News desk.

Poker players targeted by card-watching malware 25/10/2015
Richard Whitehouse
Online poker players are being targeted by a computer virus that spies on their virtual cards.

The software shares the cards with the virus's creators who then join the same game and try to fleece the victim. The sneaky malware has been found lurking in software designed to help poker fans play better, said the security firm that found it, ESET. The software also targets other useful information on a victim's computer such as login names and passwords.

The malware targets players of the Pokerstars and Full Tilt Poker sites, said Robert Lipovsky, a security researcher at Eset. The malware, Win32/Spy.Odlanor, which is used by its malware operator to cheat in online poker by peeking at the cards of infected opponent.

When it infects a machine, the software monitors the PC's activity and springs to life when a victim has logged in to either one of the two poker sites. It then starts taking screenshots of their activity and the cards they are dealt. Screenshots are then sent to the attacker..

The attacker seems to operate in a simple manner: After the victim has successfully been infected with the trojan, the perpetrator will attempt to join the table where the victim is playing, thereby having an unfair advantage by being able to see the cards in their hand.

Like a typical computer trojan, users usually get infected with Win32/Spy.Odlanor unknowingly when downloading some other, useful application from sources different than the official websites of the software authors. This malware masquerades as benign installers for various general purpose programs, such as Daemon Tools or mTorrent. In other cases, it was loaded onto the victim’s system through various poker-related programs – poker player databases, poker calculators, and so on – such as Tournament Shark, Poker Calculator Pro, Smart Buddy, Poker Office, and others.

Once executed, the Odlanor malware will be used to create screenshots of the window of the two targeted poker clients – PokerStars or Full Tilt Poker, if the victim is running either of them. The screenshots are then sent to the attacker’s remote computer.

Afterwards, the screenshots can be retrieved by the cheating attacker. They reveal not only the hands of the infected opponent but also the player ID. Both of the targeted poker sites allow searching for players by their player IDs, hence the attacker can easily connect to the tables on which they’re playing.

One operator, PartyPoker, has recently stopped allowing players to choose a table to play at, thus trying to limit the ability for players to collude or use malware like this. Instead players put themselves in a queue for a seat and then are placed at the next available spot.
Premier League Football