#21
Re: Poker Trojan??
One $100/$200 hand per day for me then!
#22
Re: Poker Trojan??
"Wasn't one of the components of WinHoldem the ability to share hole card information with other users when in "team mode?" "
Thanks, Shauna, that was the group-play/cheating software I was referencing.
Truepoker CEO
#23
Re: Poker Trojan??
I didn't really think it added anything important. Just figured it was a bad attempt at humor.
#24
Re: Poker Trojan??
I just sent an email off to the author for more information. I'll let you all know if I hear anything back from him.
#25
Re: Poker Trojan??
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.
[ QUOTE ]
It was taking action-keyed, low-res screenshots of his cards and sending them to a password-protected IRC chat channel over port 80. It was a custom trojan that seemed to have both Rbot and PopSpy origins. It did not attempt to do anything stealth. When I found the trojan, I ran it in IDA disassembly to read the assembly language, which was bulky because it was written partially in Delphi, and then I ran it on a VMware session and recorded the traffic stream with Ethereal. I was able to reconstruct the screen shots as their original GIFs. It was quite simple, actually. In the poker channel the users pay an e-cash service to get "chips". Winners increase their holdings and it debits the losing player's account (i.e. transferring money to the winner's holdings). The user complained to me that he only seemed to lose the big hands and only recently, after 2 years of being a pretty good player. He suspected that cheating was going on because his machine got slow during big hands and his competitors seemed to know his cards. They held and bet like they could see his cards. Local FBI was not interested because apparently online gambling is illegal (or so the laughing special agent told me) and estimated losses did not exceed federal guidelines.
[/ QUOTE ]
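An added example, not part of the original post or the analyst's own tooling: the traffic described above is IRC carried over port 80, so a check keyed only on the port number would treat it as web traffic. The Python sketch below classifies the client-to-server bytes of a port-80 flow by content instead; the function names, addresses and sample payloads are constructed for illustration.

```python
import re

# IRC client commands (RFC 1459) seen when a client registers and joins a channel.
IRC_CMD = re.compile(rb"^(?::\S+ )?(PASS|NICK|USER|JOIN|PRIVMSG|PONG)\b", re.I)
# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x
HTTP_REQ = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")


def classify_port80_flow(client_payload: bytes, max_lines: int = 8) -> str:
    """Label the first client-to-server bytes of a TCP flow to port 80.

    Returns 'http', 'irc' or 'unknown' (e.g. TLS or other binary data).
    """
    lines = [l.rstrip(b"\r") for l in client_payload.split(b"\n") if l.strip()]
    if not lines:
        return "unknown"
    # A well-formed request line first means ordinary web traffic, even if
    # the body later happens to contain words such as NICK or JOIN.
    if HTTP_REQ.match(lines[0]):
        return "http"
    seen = set()
    for line in lines[:max_lines]:
        m = IRC_CMD.match(line)
        if m:
            seen.add(m.group(1).upper())
    # IRC registration requires both NICK and USER, so demand both
    # to avoid flagging a stray line that merely starts with one keyword.
    if {b"NICK", b"USER"} <= seen:
        return "irc"
    return "unknown"


def irc_on_port80(flows: dict) -> list:
    """Return the sources whose port-80 payload looks like IRC."""
    return sorted(src for src, data in flows.items()
                  if classify_port80_flow(data) == "irc")


# Constructed sample flows (source -> reassembled client payload), not real captures.
SAMPLE_FLOWS = {
    "10.0.0.5:1043": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "10.0.0.7:1188": b"PASS placeholder\r\nNICK user123\r\nUSER u 0 * :u\r\n"
                     b"JOIN #example key\r\n",
    "10.0.0.9:1201": b"\x16\x03\x01\x00\x05hello",  # TLS-like binary data
    "10.0.0.11:1300": b"POST /form HTTP/1.1\r\nHost: example.test\r\n\r\nNICK=a&USER=b",
}

if __name__ == "__main__":
    for src in irc_on_port80(SAMPLE_FLOWS):
        print("IRC registration seen on port 80 from", src)
```
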
#26
Re: Poker Trojan??
[ QUOTE ]
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.
[/ QUOTE ]
Did you ask him why the users of the program would be so stupid as to bet up pots when the kid had his "big" hands, as opposed to folding, which someone who knew poker would surely do? And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"? I'm still skeptical (maybe this is actually Party's screen-shot mechanism), but the lesson seems to be: don't be stupid, use a firewall.
#27
Re: Poker Trojan??
over my head/ 10.
#28
Re: Poker Trojan??
[ QUOTE ]
[ QUOTE ]
I got a response from the writer and it seems like he knows what he is talking about and did do testing to see exactly what this trojan was doing.
[/ QUOTE ]
Did you ask him why the users of the program would be so stupid as to bet up pots when the kid had his "big" hands, as opposed to folding, which someone who knew poker would surely do? And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"? I'm still skeptical (maybe this is actually Party's screen-shot mechanism), but the lesson seems to be: don't be stupid, use a firewall.
[/ QUOTE ]
The guy who wrote this is not a poker player, he is a computer security specialist who knows how to look at network traffic at the packet level and break down application code and actually read it. When he talks about "Big Hands" he could be talking about a lot of things and probably doesn't have a solid poker outlook on what that means. I can also think of many times when knowing that an opponent has a big hand, but not the better hand that you hold, could be a huge edge. Sorry, I actually do not know what IRC Poker is?? I did reply and ask if there was any way he would share which site was being used for this blatant cheating. Your statement about using a firewall is right on the money. This is as good an example of why we should be careful.
#29
Re: Poker Trojan??
[ QUOTE ]
And it sounds like the guy's talking about IRC poker, not a site. "The poker channel"?
[/ QUOTE ]
No, I think he's saying that the trojan was sending data to an IRC channel, where the hackers could then retrieve it and use it. At least that's the way I read it. It doesn't sound like he's talking about IRC poker. If you think about it, it makes sense, wouldn't make sense to design a virus to send data out to a particular IP address which may be shut down, computer off, etc, when you can send it to a private IRC channel which a group of people have access to. This sounds pretty believable. It's not your typical "Online Poker is Rigged" no evidence bs. It's also not your typical "they can see my hole cards" rumor, where someone is offering to sell the ability to see hole cards for $50 (which would make absolutely no sense at all). This is why I format my computer nearly every month.
#30
Re: Poker Trojan??
Yeah, I'm picturing big hands as maybe just meaning hands with large pots. Or hands where the kid is making a big bluff, and is getting called by hands that normally wouldn't be able to call him (Queen High against a missed low straight draw), etc.
The thing I don't understand about the FBI situation is, yes I can see them not going after cheating at online poker, but a trojan virus that steals information is still a trojan virus, and I'm relatively sure that's not legal, why wouldn't they be interested in that.