Check Raised RBCalc.exe Online Poker Calculator has Money-Stealing Small.la Trojan On Board - 3,687 Views,
|
Previous Article « Take Back the Net - Secure Your Computer!
Read Next Article » Security Hole in Word Allows Attack Through Email with Ginwui.a Trojan
Check Raised RBCalc.exe Online Poker Calculator has Money-Stealing Small.la Trojan On Board
Follow Anne on
Twitter 
Friend Anne on Facebook
Check Raised’s RBCalc.exe Online Poker earnings calculator has the Backdoor.Win32.Small.la (Small.la for short) rootkit trojan hiding in it according both to online security company F-Secure, and Check Raised itself.
F-Secure explains that “Small.la is a spying trojan that targets several online poker games. It was distributed from a website checkraised.com using a trojaned Rakeback calculator application (RBCalc.exe). The trojan hides itself using rootkit techniques.” Once running, it monitors your accounts at several online poker sites, allowing the programmer behind the trojan to steal your poker account money - often by simply making it look like you played some losing hands, so you’ll never suspect something is amiss if you don’t pay really close attention to your accounts.
According to Check Raised, the trojan was slipped into its RBCalc.exe program by a programmer who worked on the program, which Check Raised began offering nearly sixth months ago, in December of 2006. Check Raised said that because the trojan was undetectable by many popular anti-virus programs, they had no idea about it until a third party brought it to their attention recently.
Check Raised goes on to say that “If you have ever used rbcalc please read the following to check if the malicious software is on your machine and how to remove it. This virus could also come bundled with other poker applications, so please read the following even if you have never heard of rbcalc.”
When you run RBCalc.exe, Backdoor.Win32.Small.la silently copies four files into your Windows system directory. These files are:
utlsrv.exe
comclg32.dll
d3dclsrv.dll
ndsdavsrv.sys
It then runs utlsrv.exe and begins spying all all of these applications:
PartyGaming.exe
mppoker.exe
poker.exe
gameclient.exe
ultimatebet.exe
absolutepoker.exe
mainclient.exe
pokerstars.exe
pokerstarsupdate.exe
partypoker.exe
fulltiltpoker.exe
pokernow.exe
multipoker.exe
empirepoker.exe
eurobetpoker.exe
Check Raised has instructions for finding and removing Small.la here.
Was this information helpful? If so, please leave us a review!
|
Previous Article « Take Back the Net - Secure Your Computer!
Read Next Article » Security Hole in Word Allows Attack Through Email with Ginwui.a Trojan
Read more:
» Yahoo Raises Price of Music Downloads on Yahoo Music Unlimited
» Find Out Who Obama’s VP Running Mate Will Be by Text Message
» Gmail Ad Nauseum I: EFF Issues Gmail Alert
» Looking for Recording Contracts to Get an Album Recorded? Check Out SellaBand!
For additional similar stories check out our archives on Gaming, Security
NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.
