What's In Your Hand? This Malware Knows

← Back to Stories (view on slashdot.org)

What's In Your Hand? This Malware Knows

Posted by timothy on Thursday September 17, 2015 @03:46AM from the know-when-to-pull-the-plug-know-when-to-scan dept.

An anonymous reader writes with the story that ESET researchers have uncovered spyware targeting online poker players, called Odlanor, which works by sending screenshots of a player's game (along with that player's in-game identity) to the attacker; the attacker can then search for the player with that ID, and enjoy an unfair advantage. (Also at The Inquirer.) From the ESET report: In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan. This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers. ... The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP. Part of the exfiltrated information, such as the malware version and information identifying the computer, are sent in the URL parameters. The rest of the collected information, including an archive with any screenshots or stolen passwords, is sent in the POST request data.

37 of 68 comments (clear)

Min score:

Reason:

Sort:

Sounds like an opportuntity to fleece the scammers by jandrese · 2015-09-17 03:57 · Score: 4, Insightful

Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.

--

I read the internet for the articles.
Great news by frovingslosh · 2015-09-17 04:03 · Score: 2

This is great news. I hated only being cheated by the site operators.

--
I'm an American. I love this country and the freedoms that we used to have.
Enjoy an unfair advantage? by DougOtto · 2015-09-17 04:04 · Score: 1

Duh. Is there ever a situation where you wouldn't enjoy an unfair advantage?

--
Solving Unix problems since 1989...
Re:Sounds like an opportuntity to fleece the scamm by FredGauss · 2015-09-17 04:08 · Score: 1

I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is.

This. or goatse.
Bottom feeders by sysrammer · 2015-09-17 04:10 · Score: 2

Even without this, it's way too easy to cheat online. From simple collusion between multiple players, to bottom-feeders that spend all their time collecting a few bucks playing several nickle-ante games at once, it all adds up.
On the internet, there is no such thing as a friendly game of cards.

--
His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
1. Re:Bottom feeders by Frosty+Piss · 2015-09-17 05:02 · Score: 1
  
  to bottom-feeders that spend all their time collecting a few bucks playing several nickel-ante games at once
  How is that cheating?
  
  --
  If you want news from today, you have to come back tomorrow.
2. Re:Bottom feeders by sysrammer · 2015-09-17 10:37 · Score: 1
  
  Ok, you got me. Not cheating. But on the same moral level as seal clubbers.
  
  --
  His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
3. Re:Bottom feeders by Frosty+Piss · 2015-09-18 04:28 · Score: 1
  
  I would say it's a good strategy to make money in a shark pool.
  
  --
  If you want news from today, you have to come back tomorrow.
Re:Simple solution by JustAnotherOldGuy · 2015-09-17 04:13 · Score: 2

Here's a simple solution: Don't play poker online.
Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end, it just seems like the most idiotic way to lose your money imaginable. Just how gullible and trusting do you have to be to gamble online??
At least at a real casino you can SEE the cards and chips and whatnot, but online? Why not just flush your money down the toilet and cut out the middle-man?

--
Just cruising through this digital world at 33 1/3 rpm...
Where are the Slashdot editors? Meh... by __aaclcg7560 · 2015-09-17 04:13 · Score: 1

What's In Your Hand? The Shadow Knows

FTFY - Link below for the /. youngsters.
https://en.wikipedia.org/wiki/The_Shadow
Deceptive headline by bigdavex · 2015-09-17 04:16 · Score: 4, Funny

I assumed this was about porn.

--
-Dave
Re:Adolph Hitroll here with a Greasy Yoda up GNAA by deKernel · 2015-09-17 04:18 · Score: 1

Glad I am not the only one that was left scratching my head of sorts. I skimmed quickly and then thought to myself: what a waste of time.
Re:Simple solution by nospam007 · 2015-09-17 04:18 · Score: 1

"Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end,.."
Usually 3-4 college kids who are sitting side by side, seeing each other's hand and fleecing the one or 2 morons at their table.
Re:Simple solution by MyAlternateID · 2015-09-17 04:26 · Score: 1

Here's a simple solution: Don't play poker online.
Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end, it just seems like the most idiotic way to lose your money imaginable. Just how gullible and trusting do you have to be to gamble online??
At least at a real casino you can SEE the cards and chips and whatnot, but online? Why not just flush your money down the toilet and cut out the middle-man?
Won't somebody think of the poor middlemen?
Easy answer by Anonymous Coward · 2015-09-17 04:33 · Score: 1

What's In Your Hand? Your dick. At least for 99% of slashdot users.
1. Re:Easy answer by PopeRatzo · 2015-09-17 05:47 · Score: 1
  
  What's In Your Hand? Your dick. At least for 99% of slashdot users.
  Wrong. For 83% of Slashdot users, it's someone else's dick.
  
  --
  You are welcome on my lawn.
You could have fun with this... by toonces33 · 2015-09-17 04:38 · Score: 1

You could tweak the thing to intentionally send the wrong information to the people controlling the malware. They might think you have one hand and bet accordingly, when in fact you have something completely different. The problem is that they would figure out that something was wrong pretty quickly.
Re:Adolph Hitroll here with a Greasy Yoda up GNAA by toonces33 · 2015-09-17 04:41 · Score: 1

This nonsense has been posted for months. Usually it gets modded down to -1 pretty quickly so most people won't even see it, but someone out there chooses to waste their time posting this gunk.
Really? by s.petry · 2015-09-17 04:47 · Score: 1

I don't get it - what response are you hoping for?
ANY! Don't feed the trolls!

--
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Re:Sounds like an opportuntity to fleece the scamm by TheCarp · 2015-09-17 05:08 · Score: 1

Um fuck no. If you go that route, you nuke the whole PC after.
Anyway, depends how its implemented. If they are smart, it grabs your hole cards at the begining of the hand, before any real information exists for you to switch them on. If they do that, its going to be harder to pull this off.
Better strategy is to just make your cards, as far as he sees them, random on each round, and visible to you....so you know what he thinks you have. Even better, you stack the table with friends and start out "playing straight" with him and let him win a little, then turn on the randomizers and fuck his world.

--
"I opened my eyes, and everything went dark again"
Wait by hyperar · 2015-09-17 05:09 · Score: 1

Is it "Odlanor" or "Oldanor"?
"Odlanor" is "ronaldO" backward by Kevoco · 2015-09-17 05:27 · Score: 1

just saying
1. Re:"Odlanor" is "ronaldO" backward by GTRacer · 2015-09-17 06:29 · Score: 1
  
  Ever since the days of the old "Tobor" electronic robot toy, any time I see a seemingly-nonsense name, I reverse the letters. Not surprisingly, this resolves to something a fair amount of the time!
  
  --
  Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
2. Re:"Odlanor" is "ronaldO" backward by sysrammer · 2015-09-17 10:46 · Score: 1
  
  "Tobor...The Eight Man" was the intro, or something like that. I was fairly young when I first saw that, and was might pleased when I figured out the puzzle. Saw it on UHF with the other Japanese cartoons. That, Speed Racer and Kimba.
  On a semi-related note, I thought the mouth moving with no voice, and visa versa, was funny. Many years later, went to Japan, and turned on a TV. There was a dubbed John Wayne movie. We laughed, then got bored. Their idea of a John Wayne voice did not appeal. So we turned down the volume and made our own dialogue. Good times. MST3k in the 70's!
  
  --
  His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
Re:Sounds like an opportuntity to fleece the scamm by Khashishi · 2015-09-17 05:52 · Score: 1

Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.
Damn, someone should make a movie of this. It's got everything.
Re:Sounds like an opportuntity to fleece the scamm by climb_no_fear · 2015-09-17 06:12 · Score: 1

Random? How does that work without tipping him/her off, since there's a reasonable chance that one of the cards you have in your random hand is already in his/her hand, right ?
Re:Simple solution by MagickalMyst · 2015-09-17 06:25 · Score: 1

"I've never understood why ANYONE would trust online gambling."

I used to work in the industry and it is as crooked as a $3 bill.

--
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Re:Sounds like an opportuntity to fleece the scamm by TheCarp · 2015-09-17 06:27 · Score: 1

OTOH....
He might assume that there is a flaw in his program or even that the poker company is on to him, and might waste hours trying to figure out what the problem is...and that could be some serious win.

--
"I opened my eyes, and everything went dark again"
Anyone who gambles via the internet by mark_reh · 2015-09-17 06:31 · Score: 1

is a moron and deserves to get sheared like the sheep he/she is.
1. Re:Anyone who gambles via the internet by frovingslosh · 2015-09-17 09:14 · Score: 1
  
  If you don't think that adding a computer (and the Internet) that the computer owner can control, see all of the cards in everyone's hand and all of the cards coming up, and even change the order of the cards coming up, or trade out his unexposed cards for ones coming up, then you really don't understand the game and the odds. And it is people who don't understand the game and the odds who should not be playing.
  
  --
  I'm an American. I love this country and the freedoms that we used to have.
I wasn't doing anything! by wonkey_monkey · 2015-09-17 06:32 · Score: 1

What's In Your Hand? This Malware Knows
I was just scratching an itch!

--
systemd is Roko's Basilisk.
Re:Adolph Hitroll here with a Greasy Yoda up GNAA by PIBM · 2015-09-17 07:09 · Score: 1

Wow, I just have to reply .. I almost gave up scrolling since it was that long! Is that a randomly generated text or an experience with chimps typing ?
Re:Sounds like an opportuntity to fleece the scamm by jandrese · 2015-09-17 07:40 · Score: 1

Yeah, once you change the cards once the scammer will know something is up. Once there is a discrepancy between the publicly available information and his back channel he will bail. You can fold a lot to reduce the amount of information you make public, but sooner or later you gotta show your hand.

--

I read the internet for the articles.
Re:Simple solution by Bookworm09 · 2015-09-17 09:17 · Score: 1

What kinds of things did you see/hear about?
Win32/PSWTool Malware .. by nickweller · 2015-09-17 10:22 · Score: 1

I assume this Win32/PSWTool malware only works on Microsoft Windows ..
Re:Simple solution by MagickalMyst · 2015-09-17 23:30 · Score: 1

"What kinds of things did you see/hear about?"

Illegal gaming servers; fraud; deceptive marketing practices; intimidation; threats of violence and blackmail; etc.

The industry is run by rich, crooked money-grubbers who only care about making more money - at the expense of everyone else.

I wish online gambling was just a business like any other (that's what they tell you in the industry), but the truth is that it is rotten to the core. On the positive side, I did learn a lot working for the casinos - about business, marketing and of course IT.

--
Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
Re: Adolph Hitroll here with a Greasy Yoda up GNAA by Ginger+Unicorn · 2015-09-30 22:42 · Score: 1

Then it makes even less sense.

--
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons