Online gamblers targeted by scams

Through hidden rootkits and Trojan horses, hackers attempt to use casinos' popularity to steal from poker players.

Will Sturgeon Special to CNET News.com
2 min read
Gamblers playing in online casinos are being warned that they may increasingly be targeted by hackers looking to steal.

Earlier this week, F-Secure said it detected a potentially malicious rootkit application targeted at users of CheckRaised.com. The Finnish antivirus vendor said the program was being dropped onto users' machines from the poker community site when they downloaded a poker fee "rakeback" tool called Rake Tracker.

With the malicious tool in place, the program's author could access login details related to a number of well-known online casinos. The hacker could then effectively make money by setting up games between himself and himself posing as the compromised user, and lose as the user.

A statement on the CheckRaised Web site, run by CCRT, put the blame on a third-party developer and said the malicious program has now been removed. It warned all users to reset their poker passwords.

It's part of a recent flurry of fairly small-scale threats that has led some to suspect that online casinos may be targeted with increasing frequency as their popularity grows.

Last week, Betfair Poker issued a statement to users of its site. It warned them that a social-engineering scam was attempting to direct users to a site that would drop a Trojan horse onto their computer, effectively surrendering control of the PC to an unknown third party.

The scam revolved around a supposed story on the BBC site about a scam at Betfair. However, there was no story, and the link took players to a malicious Web page with the Trojan.

Kimmo Kasslin, a researcher at F-Secure Labs, said it is inevitable that criminals will start to target casinos as their membership numbers reach the same kind of critical mass that first flagged the likes of eBay and PayPal as targets for cybercrime.

Graham Cluley, senior technology consultant at Sophos, said the level of malicious software related to online gambling is very low, but he told Silicon.com that "in the future, if online gambling continues to increase in popularity and as a small number of companies dominate the online market, it wouldn't be surprising to see hackers turn their attention in this direction."

"Gamblers need to not only be careful about which Web sites they visit and give their bank details to, but also which add-ons and helper programs they deploy to help them have a winning streak," Cluley added.

Will Sturgeon of Silicon.com reported from London.