A utility distributed by checkraised.com contains a trojan that steals your logins and passwords, according to security firm F-Secure. "RBCalc.exe, also known as Rakeback calculator, was actually a Trojan. When RBCalc.exe is run, it silently drops four executable files into the user's %SystemRoot%\system32 folder and executes them.
The purpose of the dropped executables is to collect login information for various online poker websites from the user's computer and send them back to the malware author. In addition, the main malware component was protected by a rootkit driver that hid its process and launch point from registry."
Checkraised.com appears to be as surprised as the affected users, and has posted an announcement on its site, including step-by-step instructions to remove the rootkit from an infected system. The announcement adds, "Although this software was infected, we have thoroughly examined our websites and have found that none of them were compromised. The person who programmed this file did not have access to any of our sites. He would send updates by way of email, we would virus scan it (what good that did!), and then we would upload it to our website. Any information stored on Rake Tracker, Your Poker Cash, and Check Raised remains secure and safe.
We are deeply sorry for any trouble we may have caused. We hope that we have not ruined your trust and faith in us, but right now our highest priority is protecting any and all users and removing this potentially damaging software from all computers."
If you've used Rakeback calculator, you should immediately scan your system, remove the rootkit if it's present, and change your passwords. In fact, it's just good security to change your passwords regularly anyway, and this may be a great opportunity for anyone with a "stale" password to update it.
(Thanks, Roger!)







1. Nice Find Wil...
One of The Neighbors Plays online constantly and I bet he would love to hear about this... hehe
Cheers...
Posted at 10:32PM on May 15th 2006 by Keith L. Dick