Online Poker Site Dealing Trojan

The Trojan was protected by a rootkit that hid its operation from anti-virus software.

Antone Gonsalves, Contributor

May 19, 2006

1 Min Read

Gamblers have been dealt a bad hand with the discovery of a Trojan and virus-cloaking rootkit on a site dedicated to online poker.

The malware was recently discovered in a rake calculator, known as RBCalc or RBCalc.exe, that was distributed through The site confirmed the malware and said it had removed it from the site.

A third-party developer hired by created the application containing the malicious code. Security vendor F-Secure Corp. said the Trojan runs each time the Rakeback calculator is launched. The purpose of the virus is to collect login information for various online poker Web sites and send them back to the malware author.

In addition, the Trojan was protected by a rootkit that hid its operation and launch point from a computer's registry from anti-virus software. F-Secure sent a copy of the malware to May 11, and the application was removed from the site the next day. It was not known how many visitors had installed the software on their computers.

In announcing the discovery Thursday, gave instructions on how to remove the Trojan and rootkit, and advised people whose machine were infected to change all their poker site passwords.

The site also said that development of executable software would be developed in-house from now on to ensure safety.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights