IT security experts are warning about a new trojan built into an offering from an online poker tool vendor. The virus, hidden by a rootkit in CheckRaised’s Rakeback calculator – an executable file that helps players calculate rakes taken from hands they previously played – silently steals log-in information used to access online poker web sites.
The trojan, which Sophos named RBCalc, is not detected by common anti-virus software, including Norton Anti-Virus and Microsoft Defender, and was missed by CheckRaised during malware scans, according to a company advisory.
The company said it has removed the malicious application from its website, offered guidance to delete infected files and advised users to change their site passwords.
Experts were not surprised by the malware discovery, especially in light of the skyrocketing popularity of online gaming.
"Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programs to separate players from their money," said Kimmo Kasslin, F-Secure researcher. "What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site and used rootkit technology to cloak itself."
In the advisory, CheckRaised said it hired a programmer to design the rake calculator in December 2005.
"Although this software was infected, we have thoroughly examined our websites and found that none of them were compromised," according to the company notice. "The person who programmed this file did not have access to any of our sites. He would send updates by way of email, we would virus scan it (what good that did!) and then we would upload it to our website."
The company said in the advisory that it no longer plans to outsource application development.
Company representatives could not immediately be reached for comment today.