Rootkit software infects gamblers' computers

Gamblers on an online gaming site have had their PCs infected with a rootkit.

Malicious rootkit software , known as RBCalc.exe - or the Rakeback calculator -  has been distributed from Checkraised.com's website to its customers' PCs. Rootkits are used by malware authors to hide malicious software.

This attack was found by security company F-Secure's rootkit detection technology, Blacklight. The software dropped four executable files into the gamers' computers and used the rootkit to hide its presence.

The malware then covertly stored gamblers' information and the executable files allowed hackers remote access to the victims' computers.

The stolen information has been used to log into various online poker websites including Partypoker, Empirepoker, Eurobetpoker and Pokernow. Having gained access, the hacker can then play poker against himself, losing on purpose and reaping the rewards.

Shortly after the discovery, Checkraised.com removed the offending exe file from its website and issued an official statement on its website advising users to change their poker site passwords as well as offering instructions for manually removing the malware.

Kimmo Kasslin, a researcher at F-Secure's data security laboratory, said: " Following the exponential rise of interest in online poker, it is inevitable that malware authors would follow suit with programmes to separate players from their money.

"What is significant is the fact that this particular scam was hosted, albeit unwittingly, on a legitimate site, using rootkit technology to cloak itself."

Kasslin continued: "Malware authors are increasingly wise to standard anti-virus and intrusion techniques and are constantly looking for a new exploits. Having standard data security software from the bigger vendors would not have protected you against this rootkit exploit. F-Secure's software does."

F-Secure has advised that people visiting the Checkraised.com site to ensure their PCs are not infected. A free scan is available from the F-Secure Online Scanner Next Generation Beta , which also now has rootkit detection capabilities through the F-Secure BlackLight engine.

People can also read  updates on this story from F-Secure' Data Security Lab weblog as the news unfolds.