Two Plus Two Older Archives


Fishwhenican 10-24-2005 03:22 PM

Poker Trojan??
 
This is from a security article I just read. Anyone else heard of this??

[ QUOTE ]
And here's a new one: Last week one of my clients asked me if I would take a look at his son’s college computer because it was behaving slowly. Hey, I never care about the type of system as long as I’m being paid the same rate.

The son is an avid online Texas hold'em player. I found an interesting Trojan called 1.exe in the root directory, which alerted other online players when my client’s son was online. It then recorded his cards during the different hands of poker and sent that information to the monitoring users. My boss’ son said that early on he was winning all the time, but lately he consistently lost his biggest hands -- not that it stopped him from playing, unfortunately.


[/ QUOTE ]

iggy 10-24-2005 03:53 PM

Re: Poker Trojan??
 
Source for the article please.

teddyFBI 10-24-2005 03:56 PM

Re: Poker Trojan??
 
solution: tell idiot son to stop using his poker computer for B-grade porn.

teddyFBI 10-24-2005 04:03 PM

Re: Poker Trojan??
 
[ QUOTE ]
My boss’ son said that early on he was winning all the time, but lately he consistently lost his biggest hands

[/ QUOTE ]

where have i heard this before....
just so damn familiar...

Wait, i got it: PARTY IS RIGGED!!

IndieMatty 10-24-2005 04:04 PM

Re: Poker Trojan??
 
[ QUOTE ]
Source for the article please.

[/ QUOTE ]

Be interesting to at least know what he was talking about, I assume he was just lying.

smartalecc5 10-24-2005 04:29 PM

Re: Poker Trojan??
 
That's awesome..

I collected the Trojan and sent it to the online poker company. Now, a devious mind might have reverse-engineered the Trojan and sent back the wrong cards to the cheating players and … oh, that’s right, I’m one of the good guys.

Amid Cent 10-24-2005 04:33 PM

Re: Poker Trojan??
 
The file 1.exe was part of a common virus that was making the rounds last year. It has nothing to do with poker.

10-24-2005 04:55 PM

Re: Poker Trojan??
 
[ QUOTE ]
The file 1.exe was part of a common virus that was making the rounds last year. It has nothing to do with poker.

[/ QUOTE ]
But...the kid was winning before...and now he's NOT winning...it MUST be a poker cheat virus!

BillFranklin 10-24-2005 04:59 PM

Re: Poker Trojan??
 
online poker is rigged. I did a search and found these files on my computer:

alwayslosewithAA.exe
alwayswinfirsthandattable.exe
fishalwayshits3outer.exe

TheIrishThug 10-24-2005 05:51 PM

Re: Poker Trojan??
 
dude, can u send me alwayswinfirsthandattable.exe. i've already got alwayslosewithAA.exe, but alwayswinfirsthandattable.exe sounds sweet.

TheHammer24 10-24-2005 06:41 PM

Re: Poker Trojan??
 
[ QUOTE ]
online poker is rigged. I did a search and found these files on my computer:

alwayslosewithAA.exe
alwayswinfirsthandattable.exe
fishalwayshits3outer.exe

[/ QUOTE ]
nh

TruePoker CEO 10-24-2005 06:41 PM

Re: Poker Trojan??
 
Interesting, but since any operating poker site already deals the cards and therefore knows what the "son" holds, why would it bother to create a trojan to gather that same information .... Doesn't seem likely the poker site was responsible, if this ever occurred at all.

(Wasn't there some other type of site which encouraged players pooling information and, gasp, cheating, via some software they downloaded in common ..... Maybe "son" was actually a cheater?)

oscark 10-24-2005 06:49 PM

Re: Poker Trojan??
 
I think you misunderstood the article.

321Mike 10-24-2005 07:15 PM

Re: Poker Trojan??
 
[ QUOTE ]
My boss’ son said that early on he was winning all the time, but lately he consistently lost his biggest hands

[/ QUOTE ]
Must be some pretty clever cheaters. They know he has a "big hand" and they still chase to the river.

I'd be a lot more convinced something was fishy if he said his pocket aces never got cracked and his "biggest hands" never went to show down.

TheHammer24 10-24-2005 07:23 PM

Re: Poker Trojan??
 
[ QUOTE ]
Interesting, but since any operating poker site already deals the cards and therefore knows what the "son" holds, why would it bother to create a trojan to gather that same information .... Doesn't seem likely the poker site was responsible, if this ever occurred at all.

(Wasn't there some other type of site which encouraged players pooling information and, gasp, cheating, via some software they downloaded in common ..... Maybe "son" was actually a cheater?)

[/ QUOTE ]

I believe the article asserts a third party was using a trojan to gather this information the poker site already has.

TruePoker CEO 10-24-2005 07:53 PM

Re: Poker Trojan??
 
The article said:

"I collected the Trojan and sent it to the online poker company"

That might have been where I went astray in my understanding of what this guy was saying.

Fishwhenican 10-24-2005 10:07 PM

Re: Poker Trojan??
 
Just for the record, I was not trying to in any way say that online poker is "rigged". The article was from a computer industry rag (InfoWorld) and is supposed to be written by a "computer security veteran and author who has done consulting work for many Fortune 500 companies". The rag has nothing to do with poker and the article is supposed to be about computer security.

I assumed (which yes, I know I shouldn't have assumed) that this guy knew what he was talking about and had done something more in his testing than just assume that this virus had something to do with online poker since the kid plays poker.

I will email the author and see if he responds to why he thinks this has something to do with on-line poker and why he thinks this is what was happening. I just wanted to see if anyone here had heard of anything like this or not.

Nepa 10-24-2005 11:01 PM

Re: Poker Trojan??
 
[ QUOTE ]
This is from a security article I just read. Anyone else heard of this??

[ QUOTE ]
And here's a new one: Last week one of my clients asked me if I would take a look at his son’s college computer because it was behaving slowly. Hey, I never care about the type of system as long as I’m being paid the same rate.

The son is an avid online Texas hold'em player. I found an interesting Trojan called 1.exe in the root directory, which alerted other online players when my client’s son was online. It then recorded his cards during the different hands of poker and sent that information to the monitoring users. My boss’ son said that early on he was winning all the time, but lately he consistently lost his biggest hands -- not that it stopped him from playing, unfortunately.


[/ QUOTE ]

[/ QUOTE ]

Why did you leave out this line?

I collected the Trojan and sent it to the online poker company. Now, a devious mind might have reverse-engineered the Trojan and sent back the wrong cards to the cheating players and … oh, that’s right, I’m one of the good guys.

Shoe 10-24-2005 11:20 PM

Re: Poker Trojan??
 
[ QUOTE ]
Why did you leave out this line?

I collected the Trojan and sent it to the online poker company. Now, a devious mind might have reverse-engineered the Trojan and sent back the wrong cards to the cheating players and … oh, that’s right, I’m one of the good guys.



[/ QUOTE ]

Someone should really reverse engineer one of those TROJANs that... although the bad guys would only need to lose 1 (maybe 2 hands after saying wtf??? and realize they are being played).

AAmaz0n 10-25-2005 03:59 AM

Re: Poker Trojan??
 
Wasn't one of the components of WinHoldem the ability to share hole card information with other users when in "team mode?" I'm wondering if he was using the software or maybe tried it out for a while and this file was from their program.

I'm hoping that we do get some more information on this; it sounds like the original source from Infoworld is for real and there could be something to it.

Shauna

Sciolist 10-25-2005 04:14 AM

Re: Poker Trojan??
 
One $100/$200 hand per day for me then!

TruePoker CEO 10-25-2005 10:51 AM

Re: Poker Trojan??
 
"Wasn't one of the components of WinHoldem the ability to share hole card information with other users when in "team mode?" "

Thanks, Shauna, that was the group-play/cheating software I was referencing.

Truepoker CEO

Fishwhenican 10-25-2005 10:55 AM

Re: Poker Trojan??
 
I didn't really think it added anything important. Just figured it was a bad attempt at humor.

Fishwhenican 10-25-2005 10:57 AM

Re: Poker Trojan??
 
I just sent an email off to the author for more information. I'll let you all know if I hear anything back from him.

Fishwhenican 10-25-2005 09:32 PM

Re: Poker Trojan??
 
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.

[ QUOTE ]
It was taking action-keyed, low-res screenshots of his cards and sending
them to a password-protected IRC chat channel over port 80. It was a
custom trojan that seemed to have both Rbot and PopSpy origins. It did
not attempt to do anything stealth.

When I found the trojan, I ran it in IDA disassembly to read the
assembly language, which was bulky because it was written partially in
Delphi, and then I ran it on VMWare session and recorded the traffic
stream with Ethereal. I was able to reconstruct the screen shots as
their original GIFs. It was quite simple, actually.

In the poker channel the users pay an e-cash service to get "chips".
Winners increase their holdings and it debits the losing player's
account (i.e. transferring money to the winner's holdings).

The user complained to me that he only seemed to lose the big hands and
only recently, after 2 years of being a pretty good player. He suspected
that cheating was going on because his machine got slow during big hands
and his competitors seemed to know his cards. They held and bet like
they could see his cards.

Local FBI was not interested because apparently online gambling is
illegal (or so the laughing special agent told me) and estimated losses
did not exceed federal guidelines.


[/ QUOTE ]
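The reply quoted above describes the trojan speaking IRC to a password-protected channel over port 80, which a port-only filter treats as web traffic. The following is an added example, not part of the thread or the author's analysis: a Python sketch that inspects the first client bytes of a flow and flags IRC registration on a non-IRC port. The function names, the port list and the sample flows are assumptions constructed for illustration.

```python
# IRC client commands used for registration, channel join and messaging (RFC 1459).
IRC_COMMANDS = {"PASS", "NICK", "USER", "JOIN", "PRIVMSG", "PONG"}
HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "CONNECT"}
# Ports where IRC is expected; an assumption to adjust per network.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}


def parse_irc_line(line):
    """Return (command, params) for one IRC client line, or None if not IRC."""
    text = line.decode("latin-1").strip()
    if text.startswith(":"):               # optional ":prefix " before the command
        text = text.partition(" ")[2]
    head, _, trailing = text.partition(" :")  # " :" starts the free-text parameter
    parts = head.split()
    if not parts or parts[0].upper() not in IRC_COMMANDS:
        return None
    return parts[0].upper(), parts[1:] + ([trailing] if trailing else [])


def classify_flow(dst_port, client_payload):
    """Classify the first client bytes of a TCP flow and flag IRC on a non-IRC port."""
    result = {"protocol": "unknown", "alert": False, "keyed_channels": []}
    lines = [l for l in client_payload.split(b"\n") if l.strip()]
    if not lines:
        return result
    first_word = lines[0].split(b" ", 1)[0].decode("latin-1").upper()
    if first_word in HTTP_METHODS and b"HTTP/1." in lines[0]:
        result["protocol"] = "http"
        return result
    parsed = [p for p in map(parse_irc_line, lines) if p]
    # An IRC client must send both NICK and USER to register with the server.
    if {"NICK", "USER"} <= {cmd for cmd, _ in parsed}:
        result["protocol"] = "irc"
        result["alert"] = dst_port not in IRC_PORTS
        # "JOIN #channel key": a second parameter means the channel is key-protected.
        result["keyed_channels"] = [
            params[0] for cmd, params in parsed if cmd == "JOIN" and len(params) >= 2
        ]
    return result


# Constructed sample flows (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (80, b"GET /lobby.html HTTP/1.1\r\nHost: poker.example\r\n\r\n"),
    (80, b"NICK pc-4417\r\nUSER pc 0 * :pc\r\nJOIN #constructed-chan examplekey\r\n"),
    (6667, b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #chat\r\n"),
]

if __name__ == "__main__":
    for port, payload in SAMPLE_FLOWS:
        print(port, classify_flow(port, payload))
```
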

10-25-2005 10:24 PM

Re: Poker Trojan??
 
[ QUOTE ]
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.

[/ QUOTE ]
Did you ask him why the users of the program would be so stupid as to bet up pots when the kid had his "big" hands, as opposed to folding, which someone who knew poker would surely do?

And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"?

I'm still skeptical (maybe this is actually Party's screen-shot mechanism), but the lesson seems to be: don't be stupid, use a firewall.

smartalecc5 10-25-2005 10:24 PM

Re: Poker Trojan??
 
over my head/ 10.

Fishwhenican 10-26-2005 09:06 AM

Re: Poker Trojan??
 
[ QUOTE ]
[ QUOTE ]
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.

[/ QUOTE ]
Did you ask him why the users of the program would be so stupid as to bet up pots when the kid had his "big" hands, as opposed to folding, which someone who knew poker would surely do?

And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"?

I'm still skeptical (maybe this is actually Party's screen-shot mechanism), but the lesson seems to be: don't be stupid, use a firewall.

[/ QUOTE ]

The guy who wrote this is not a poker player, he is a computer security specialist who knows how to look at network traffic at the packet level and break down application code and actually read it. When he talks about "Big Hands" he could be talking about a lot of things and probably doesn't have a solid poker outlook on what that means. I can also think of many times when knowing that an opponent has a big hand, but not the better hand that you hold, could be a huge edge.

Sorry, I actually do not know what IRC Poker is?? I did reply and ask if there was any way he would share which site was being used for this blatant cheating.

Your statement about using a firewall is right on the money. This is as good an example of why we should be careful.

jman220 10-26-2005 09:34 AM

Re: Poker Trojan??
 
[ QUOTE ]
And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"?

[/ QUOTE ]

No, I think he's saying that the trojan was sending data to an IRC channel, where the hackers could then retrieve it and use it. At least that's the way I read it. It doesn't sound like he's talking about IRC poker. If you think about it, it makes sense, wouldn't make sense to design a virus to send data out to a particular IP address which may be shut down, computer off, etc, when you can send it to a private IRC channel which a group of people have access to.

This sounds pretty believable. It's not your typical "Online Poker is Rigged" no evidence bs. It's also not your typical "they can see my hole cards" rumor, where someone is offering to sell the ability to see hole cards for $50 (which would make absolutely no sense at all). This is why I format my computer nearly every month.

jman220 10-26-2005 09:35 AM

Re: Poker Trojan??
 
Yeah, I'm picturing big hands as maybe just meaning hands with large pots. Or hands where the kid is making a big bluff, and is getting called by hands that normally wouldn't be able to call him (Queen High against a missed low straight draw), etc.

The thing I don't understand about the FBI situation is, yes I can see them not going after cheating at online poker, but a trojan virus that steals information is still a trojan virus, and I'm relatively sure that's not legal, why wouldn't they be interested in that.

Fishwhenican 10-26-2005 10:50 AM

Re: Poker Trojan??
 
Jman, I think you are right on the money with both of your responses. I did get a response from the guy on what site was being played and he said he struggled with it but would rather not right now, which I actually expected. I would have had a hard time with releasing info like that as well.

I am going to ask if he will commit to saying if it was a large well known poker site or one of the smaller less used ones and see what he says.

I am a little surprised that there is not more interest in this thread. Something like this would seem to be fairly serious to the online poker world?

I'll be out of town a couple of days and may not have internet access but I'll follow up on this when I am back.

Fishwhenican 10-26-2005 10:54 AM

Re: Poker Trojan??
 
FBI probably has enough to worry about beside a kid getting ripped off participating in an illegal activity??? Kind of like going to the FBI to report your drug dealer robbing you.

ripped 10-26-2005 10:57 AM

Re: Poker Trojan??
 
I'm very interested and just reading away waiting on replies.

Mempho 10-26-2005 11:40 AM

Re: Poker Trojan??
 
[ QUOTE ]
I'm very interested and just reading away waiting on replies.

[/ QUOTE ]

I know that it is possible but I've never opened my mouth about it. I still play all the time, I'm just careful.

DMBFan23 10-26-2005 11:46 AM

Re: Poker Trojan??
 
[ QUOTE ]
I'm very interested and just reading away waiting on replies.

[/ QUOTE ]

am I protected with Zone Alarm? my gut says yes but I want to make sure.

ripped 10-26-2005 12:09 PM

Re: Poker Trojan??
 
Zone protects inbound and outbound traffic so I would say you are.

AngusThermopyle 10-26-2005 12:29 PM

Re: Poker Trojan??
 
[ QUOTE ]
Zone protects inbound and outbound traffic so I would say you are.

[/ QUOTE ]

Exactly. A good firewall will tell you when your computer is trying to access the network. If this 'trojan' was at all widespread, people with operating firewalls would be screaming.

But all we have is the isolated article and iheards.

10-26-2005 12:54 PM

Re: Poker Trojan??
 
[ QUOTE ]
But all we have is the isolated article and iheards.

[/ QUOTE ]

It's unrelated, but... I run several networks for hotels (WiFi, wired, etc etc), and at one of them there is a "communal" computer. I had a sign made that said "If you use this computer for transmitting sensitive information, you do so at your own risk"

People still played poker on it. I was just astounded.

jman220 10-26-2005 01:34 PM

Re: Poker Trojan??
 
[ QUOTE ]
I am a little surprised that there is not more interest in this thread. Something like this would seem to be fairly serious to the online poker world?


[/ QUOTE ]

I think we all knew that this was an eventuality considering how much money is involved. It'll only really be a "threat" if it becomes widespread. I am curious as to how the kid got it. If he got it through some kind of innocuous email virus because he opened an attachment, and it is going out to millions of people, that is a serious problem. More likely though, I bet he got it from downloading some non-reputable third party poker software, maybe even one of those fake "help me cheat" programs advertised out there that don't work. Then I am not as concerned.

Edit: As for which Poker Site this is for. Well, it is my thought that a virus which successfully captured screen shots, interpreted the data, and then transmitted them to an IRC room would be a LOT more difficult to write, and bigger, than a virus which just captured a realtime hand history, and transmitted that. So I would think that this would be more likely a site like Party and Network that does realtime hand history writing to your hard drive. Don't know how much that narrows it down.

Fishwhenican 10-28-2005 10:15 AM

Re: Poker Trojan??
 
I did get another response from the original author.
I basically asked if he would be comfortable telling me if it was one of the large popular poker sites or if it was a smaller less used and less known room.

His reply was a simple, "One of the largest"

I did reply and raised the question of whether or not antivirus software or firewall would have prevented this or not. I assume it would but you never know. Doesn't hurt to ask.


All times are GMT -4.