Thread: Poker Trojan??
Post #48, 10-28-2005, 04:06 PM
Jeremy517 (Junior Member)
Re: Poker Trojan??

Here is my semi-expert opinion. Background: Former software engineer for a security company, former software engineer for a backup/restore company.

The basic idea behind it is plausible, but the author (based mostly on his email to someone in a prior post) seems to be embellishing what he knows and what this does.

Any trojan that can take screenshots could theoretically be used to see people's cards. This includes Back Orifice, Netbus, SubSeven, Rbot, PopSpy, etc. There doesn't need to be anything poker-specific about it. The trojan doesn't need to know what poker is or whether a person plays poker or not. All that has to be done is to take a screenshot. The nefarious player will just tell the trojan to take a screenshot when involved in a hand with the victim. The aforementioned trojans can all do this out of the box.

I doubt there is a "custom" version of these developed specifically for poker. You don't need it, and unless the source code for the trojan is available (it isn't), only the virus writer could create this so-called custom virus. The trojans already allow the attacker to browse files and directories, so finding out which poker software someone has installed is easy once the victim is infected.

Spots where the author seems to be talking out of his... ahem... back orifice:

- Port 80 is not an IRC port, it is a WWW port. No IRC server is going to run on port 80.

- Disassemblers produce pretty unreadable code. Reading disassembly to see what it does seems highly unlikely. Stepping through a debugger would be far more likely.

- A virus that did this wouldn't be very processor intensive. There would be no reason for it to slow the computer down. The only thing that might slow down is his internet connection if he uses dialup rather than broadband. But that still wouldn't slow the actual computer down. Even if it did slow the computer down, it would only slow down while it was taking the screenshot. There would be absolutely no reason for the computer to remain slow for the rest of the hand.

- The paragraph "In the poker channel the users pay an e-cash service to get 'chips'. Winners increase their holdings and it debits the losing player's account (i.e. transferring money to the winner's holdings)." makes absolutely no sense, unless he's talking about IRC poker, which he hadn't been.