Two of the world's largest poker sites have been affected by a new piece of malware that allows cheats to prosper.
First reported by the Eset Security Blog, the Win32/Spt.Odlanor allows attackers to view cards in the victim's hand and then join the game on PokerStars or Full Tilt Poker in order to fleece the victim of their chips.
Victims are infected with the trojan when downloading software from elsewhere and it has been known to masquerade as Daemon Tools or mTorrent. It has also reached systems through various poker-specific programs such as player databases and poker calculators.
When the malware has been successfully executed it takes a screenshot of either the PokerStars or Full Tilt Poker client and this are relayed back to the attacker. From here on in screenshots can be obtained that reveal the hand and player ID thus making it very simple to find the exact table the person is playing at because each client allows you to search for tables by player ID.
Serial targets
Most of the victims are in Eastern Europe, particularly Russia and the Ukraine, and as of September 16 several hundred users have fallen victim to the malware.
Poker players are often targeted by cyber criminals and you can go as far back as 2008 to find warnings from one researcher about the threat posed, and PokerStars security product manager Trent Wyatt admitted in last year that poker players are definitely open to cyber crimes.
