Security Games

What's In Your Hand? This Malware Knows

An anonymous reader writes with the story that ESET researchers have uncovered spyware targeting online poker players, called Odlanor, which works by sending screenshots of a player's game (along with that player's in-game identity) to the attacker; the attacker can then search for the player with that ID, and enjoy an unfair advantage. (Also at The Inquirer.) From the ESET report:

In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan. This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers. ... The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP. Part of the exfiltrated information, such as the malware version and information identifying the computer, are sent in the URL parameters. The rest of the collected information, including an archive with any screenshots or stolen passwords, is sent in the POST request data.
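
One way a defender could hunt in web-proxy logs for the exfiltration pattern the ESET report describes (plain HTTP, identifiers in the URL parameters, a large archive in the POST body). This is an added example, not code from ESET or from the original post; the log format, hostnames, parameter names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample proxy log (not from the ESET report). Fields:
# time client method url content-type request-body-bytes
SAMPLE_LOG = """\
2015-09-17T10:01:02 10.0.0.5 POST http://cc.example.invalid/up.php?ver=3&pc=ALPHA-01 application/octet-stream 184320
2015-09-17T10:06:03 10.0.0.5 POST http://cc.example.invalid/up.php?ver=3&pc=ALPHA-01 application/octet-stream 201114
2015-09-17T10:11:02 10.0.0.5 POST http://cc.example.invalid/up.php?ver=3&pc=ALPHA-01 application/octet-stream 176002
2015-09-17T10:02:10 10.0.0.7 POST https://shop.example.invalid/cart?item=9 application/x-www-form-urlencoded 212
2015-09-17T10:03:44 10.0.0.7 GET http://news.example.invalid/index.html?ref=home - 0
2015-09-17T10:04:00 10.0.0.8 POST http://forum.example.invalid/post?thread=12 application/x-www-form-urlencoded 950
"""

BINARY_TYPES = ("application/octet-stream", "application/zip")
MIN_BODY = 50_000  # assumption: a screenshot archive dwarfs an ordinary form post
MIN_HITS = 3       # assumption: uploads to the same host repeat


def suspicious_uploads(log_text, min_body=MIN_BODY, min_hits=MIN_HITS):
    """Return {(client, host): [timestamps]} for repeated large binary
    POSTs sent over unencrypted HTTP with identifiers in the query string."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip malformed records instead of failing
        ts, client, method, url, ctype, size = parts
        target = urlsplit(url)
        if method != "POST" or target.scheme != "http":
            continue  # the report describes plain HTTP POST uploads
        if not parse_qs(target.query):
            continue  # version / machine identifiers travel in URL parameters
        if not ctype.startswith(BINARY_TYPES) or int(size) < min_body:
            continue  # the POST body carries an archive, not form fields
        hits[(client, target.hostname)].append(ts)
    return {pair: seen for pair, seen in hits.items() if len(seen) >= min_hits}


if __name__ == "__main__":
    for (client, host), seen in suspicious_uploads(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {len(seen)} large plaintext uploads")
```
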

  • by jandrese ( 485 ) <kensama@vt.edu> on Thursday September 17, 2015 @10:57AM (#50541145) Homepage Journal
    Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial time (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.
    • I would be tempted to leave this running and wait for someone to try to use it, then at a crucial time (on a big bet) change what is being sent back to them to make my hand look weaker than it is.

      This. or goatse.

    • by TheCarp ( 96830 )

      Um fuck no. If you go that route, you nuke the whole PC after.

      Anyway, depends how it's implemented. If they are smart, it grabs your hole cards at the beginning of the hand, before any real information exists for you to switch them on. If they do that, it's going to be harder to pull this off.

      Better strategy is to just make your cards, as far as he sees them, random on each round, and visible to you....so you know what he thinks you have. Even better, you stack the table with friends and start out "playing str

      • Random? How does that work without tipping him/her off, since there's a reasonable chance that one of the cards you have in your random hand is already in his/her hand, right?
        • by jandrese ( 485 )
          Yeah, once you change the cards once the scammer will know something is up. Once there is a discrepancy between the publicly available information and his back channel he will bail. You can fold a lot to reduce the amount of information you make public, but sooner or later you gotta show your hand.
    • Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial time (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.

      Damn, someone should make a movie of this. It's got everything.

  • by frovingslosh ( 582462 ) on Thursday September 17, 2015 @11:03AM (#50541201)
    This is great news. I hated only being cheated by the site operators.
  • Duh. Is there ever a situation where you wouldn't enjoy an unfair advantage?
  • by sysrammer ( 446839 ) on Thursday September 17, 2015 @11:10AM (#50541263) Homepage

    Even without this, it's way too easy to cheat online. From simple collusion between multiple players, to bottom-feeders that spend all their time collecting a few bucks playing several nickel-ante games at once, it all adds up.

    On the internet, there is no such thing as a friendly game of cards.

  • What's In Your Hand? The Shadow Knows

    FTFY - Link below for the /. youngsters.

    https://en.wikipedia.org/wiki/The_Shadow

  • by bigdavex ( 155746 ) on Thursday September 17, 2015 @11:16AM (#50541321)

    I assumed this was about porn.

  • by Anonymous Coward
    What's In Your Hand? Your dick. At least for 99% of slashdot users.
    • What's In Your Hand? Your dick. At least for 99% of slashdot users.

      Wrong. For 83% of Slashdot users, it's someone else's dick.

  • You could tweak the thing to intentionally send the wrong information to the people controlling the malware. They might think you have one hand and bet accordingly, when in fact you have something completely different. The problem is that they would figure out that something was wrong pretty quickly.

  • Is it "Odlanor" or "Oldanor"?
    • by GTRacer ( 234395 )
      Ever since the days of the old "Tobor" electronic robot toy, any time I see a seemingly-nonsense name, I reverse the letters. Not surprisingly, this resolves to something a fair amount of the time!
      • "Tobor...The Eight Man" was the intro, or something like that. I was fairly young when I first saw that, and was mighty pleased when I figured out the puzzle. Saw it on UHF with the other Japanese cartoons. That, Speed Racer and Kimba.

        On a semi-related note, I thought the mouth moving with no voice, and vice versa, was funny. Many years later, went to Japan, and turned on a TV. There was a dubbed John Wayne movie. We laughed, then got bored. Their idea of a John Wayne voice did not appeal. So we turned down

  • is a moron and deserves to get sheared like the sheep he/she is.

  • What's In Your Hand? This Malware Knows

    I was just scratching an itch!

  • I assume this Win32/PSWTool malware only works on Microsoft Windows ..
