The malware was recently discovered in a rake calculator, known as RBCalc or RBCalc.exe, that was distributed through CheckRaised.com. The site confirmed the malware and said it had removed it from the site.
A third-party developer hired by CheckRaised.com created the application containing the malicious code. Security vendor F-Secure Corp. said the Trojan runs each time the Rakeback calculator is launched. The purpose of the virus is to collect login information for various online poker Web sites and send them back to the malware author.
In addition, the Trojan was protected by a rootkit that hid its operation and launch point from a computer's registry from anti-virus software. F-Secure sent a copy of the malware to CheckRaised.com May 11, and the application was removed from the site the next day. It was not known how many visitors had installed the software on their computers.
In announcing the discovery Thursday, CheckRaised.com gave instructions on how to remove the Trojan and rootkit, and advised people whose machine were infected to change all their poker site passwords.
The site also said that development of executable software would be developed in-house from now on to ensure safety.