To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/research/specialreports/gambling/0,3800010160,39158950,00.htm

Online casino punters targeted by malware scams
One to watch, more than one to lose sleep over...

By Will Sturgeon

Published: Wednesday 17 May 2006

Gamblers playing in online casinos are being warned that they may increasingly be targeted by criminals looking to steal money by infecting their machines.

A recent flurry of fairly small scale threat activity has led some to suspect that casinos may be targeted with increasing frequency as their popularity grows. Certainly with users processing transaction data, online gamblers will be attractive targets for criminals.

Earlier this week, Finnish antivirus vendor F-Secure detected a potentially malicious rootkit application, which was being dropped onto users machines from poker community site CheckRaised.com when they downloaded a 'raketracker' tool - which allows users to monitor the house's take on their poker games.

With the malicious tool in place the program's author could access login details for a number of well know online casinos. The hacker could then effectively make money by setting up games between himself and the compromised users, on whose behalf he would lose.

A statement on the CheckRaised.com website put the blame on a third-party developer and said the malicious program has now been removed. It warned all users to reset their poker passwords.

Last week Betfair Poker issued a statement to users of its site warning of a social engineering scam which attempted to direct users to a site that would drop a Trojan onto their computer - effectively surrendering control of the PC to an unknown third party.

The scam revolved around a supposed story on the BBC site, ironically about a scam at Betfair, however there was no story and the link took players to a page where a Trojan could be dropped onto their machine.

Kimmo Kasslin, a researcher at F-Secure Labs, said it is inevitable criminals will start to target casinos as their membership numbers reach the same kind of critical mass that first flagged the likes of eBay and PayPal as targets for cyber crime.

Graham Cluley, senior technology consultant at Sophos, said the level of malware related to online gambling is very low but he told silicon.com: "In the future, if online gambling continues to increase in popularity and as a small number of companies dominate the online market, it wouldn't be surprising to see hackers turn their attention in this direction."

He added: "Gamblers need to not only be careful about which websites they visit, and give their bank details to, but also which add-ons and helper programs they deploy to help them have a winning streak."