What's In Your Hand? This Malware Knows

An anonymous reader writes with the story that ESET researchers have uncovered spyware targeting online poker players, called Odlanor, which works by sending screenshots of a player's game (along with that player's in-game identity) to the attacker; the attacker can then search for the player with that ID, and enjoy an unfair advantage. (Also at The Inquirer.) From the ESET report: In newer versions of the malware, general-purpose data-stealing functionality was added by running a version of NirSoft WebBrowserPassView, embedded in the Oldanor trojan. This tool, detected by ESET as Win32/PSWTool.WebBrowserPassView.B, is a legitimate, albeit potentially unsafe application, capable of extracting passwords from various web browsers. ... The trojan communicates with its C&C, the address of which is hardcoded in the binary, via HTTP. Part of the exfiltrated information, such as the malware version and information identifying the computer, are sent in the URL parameters. The rest of the collected information, including an archive with any screenshots or stolen passwords, is sent in the POST request data.

Sounds like an opportuntity to fleece the scammers

[jandrese]

Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.

Re:

[FredGauss]

I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is.

This. or goatse.

Re:

[TheCarp]

Um fuck no. If you go that route, you nuke the whole PC after.

Anyway, depends how its implemented. If they are smart, it grabs your hole cards at the begining of the hand, before any real information exists for you to switch them on. If they do that, its going to be harder to pull this off.

Better strategy is to just make your cards, as far as he sees them, random on each round, and visible to you....so you know what he thinks you have. Even better, you stack the table with friends and start out "playing str

Re:

[climb_no_fear]

Random? How does that work without tipping him/her off, since there's a reasonable chance that one of the cards you have in your random hand is already in his/her hand, right ?

Re:

[jandrese]

Yeah, once you change the cards once the scammer will know something is up. Once there is a discrepancy between the publicly available information and his back channel he will bail. You can fold a lot to reduce the amount of information you make public, but sooner or later you gotta show your hand.

Re:

[TheCarp]

OTOH....

He might assume that there is a flaw in his program or even that the poker company is on to him, and might waste hours trying to figure out what the problem is...and that could be some serious win.

Re:

[Khashishi]

Unencrypted HTTP back channel? I would be tempted to leave this running and wait for someone to try to use it, then at a crucial times (on a big bet) change what is being sent back to them to make my hand look weaker than it is. Then you tell your AV to nuke it and change your passwords.

Damn, someone should make a movie of this. It's got everything.

Re:

[Ginger Unicorn]

You seemed to have posted this several times today. I don't get it - what response are you hoping for? If it's mild confusion and wondering what it is that might motivate someone to devote a lot of time to doing this then I suppose I'm guilty of feeding the trolls.

Re:

[deKernel]

Glad I am not the only one that was left scratching my head of sorts. I skimmed quickly and then thought to myself: what a waste of time.

Re:

[toonces33]

This nonsense has been posted for months. Usually it gets modded down to -1 pretty quickly so most people won't even see it, but someone out there chooses to waste their time posting this gunk.

Really?

[s.petry]

I don't get it - what response are you hoping for?

ANY! Don't feed the trolls!

Re:

[PIBM]

Wow, I just have to reply .. I almost gave up scrolling since it was that long! Is that a randomly generated text or an experience with chimps typing ?

Re:

[Ginger Unicorn]

Then it makes even less sense.

Re:

[JustAnotherOldGuy]

Here's a simple solution: Don't play poker online.

Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end, it just seems like the most idiotic way to lose your money imaginable. Just how gullible and trusting do you have to be to gamble online??

At least at a real casino you can SEE the cards and chips and whatnot, but online? Why not just flush your money down the toilet and cut out the middle-man?

Re:

[nospam007]

"Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end,.."

Usually 3-4 college kids who are sitting side by side, seeing each other's hand and fleecing the one or 2 morons at their table.

Re:

[MyAlternateID]

Here's a simple solution: Don't play poker online.

Seriously, I've never understood why ANYONE would trust online gambling. You have no idea what's on the other end, it just seems like the most idiotic way to lose your money imaginable. Just how gullible and trusting do you have to be to gamble online??

At least at a real casino you can SEE the cards and chips and whatnot, but online? Why not just flush your money down the toilet and cut out the middle-man?

Won't somebody think of the poor middlemen?

Re:

[MagickalMyst]

"I've never understood why ANYONE would trust online gambling."

I used to work in the industry and it is as crooked as a $3 bill.

Re:

[Bookworm09]

What kinds of things did you see/hear about?

Re:

[MagickalMyst]

"What kinds of things did you see/hear about?"

Illegal gaming servers; fraud; deceptive marketing practices; intimidation; threats of violence and blackmail; etc.

The industry is run by rich, crooked money-grubbers who only care about making more money - at the expense of everyone else.

I wish online gambling was just a business like any other (that's what they tell you in the industry), but the truth is that it is rotten to the core. On the positive side, I did learn a lot working for the casinos

Great news

[frovingslosh]

This is great news. I hated only being cheated by the site operators.

Enjoy an unfair advantage?

[Doug Otto]

Duh. Is there ever a situation where you wouldn't enjoy an unfair advantage?

Bottom feeders

[sysrammer]

Even without this, it's way too easy to cheat online. From simple collusion between multiple players, to bottom-feeders that spend all their time collecting a few bucks playing several nickle-ante games at once, it all adds up.

On the internet, there is no such thing as a friendly game of cards.

Do you understand how slashdot works?

[frovingslosh]

You're about to be modded down by on-line poker players who desperately want to believe that they are not being cheated and feel compelled to silence anyone who says otherwise.

Re:

[Frosty Piss]

to bottom-feeders that spend all their time collecting a few bucks playing several nickel-ante games at once

How is that cheating?

Re:

[sysrammer]

Ok, you got me. Not cheating. But on the same moral level as seal clubbers.

Re:

[Frosty Piss]

I would say it's a good strategy to make money in a shark pool.

Where are the Slashdot editors? Meh...

[__aaclcg7560]

What's In Your Hand? The Shadow Knows

FTFY - Link below for the /. youngsters.

https://en.wikipedia.org/wiki/The_Shadow [wikipedia.org]

Deceptive headline

[bigdavex]

I assumed this was about porn.

Easy answer

[Anonymous Coward]

What's In Your Hand? Your dick. At least for 99% of slashdot users.

Re:

[PopeRatzo]

What's In Your Hand? Your dick. At least for 99% of slashdot users.

Wrong. For 83% of Slashdot users, it's someone else's dick.

You could have fun with this...

[toonces33]

You could tweak the thing to intentionally send the wrong information to the people controlling the malware. They might think you have one hand and bet accordingly, when in fact you have something completely different. The problem is that they would figure out that something was wrong pretty quickly.

Wait

[hyperar]

Is it "Odlanor" or "Oldanor"?

"Odlanor" is "ronaldO" backward

[Kevoco]

just saying

Re:

[GTRacer]

Ever since the days of the old "Tobor" electronic robot toy, any time I see a seemingly-nonsense name, I reverse the letters. Not surprisingly, this resolves to something a fair amount of the time!

Re:

[sysrammer]

"Tobor...The Eight Man" was the intro, or something like that. I was fairly young when I first saw that, and was might pleased when I figured out the puzzle. Saw it on UHF with the other Japanese cartoons. That, Speed Racer and Kimba.

On a semi-related note, I thought the mouth moving with no voice, and visa versa, was funny. Many years later, went to Japan, and turned on a TV. There was a dubbed John Wayne movie. We laughed, then got bored. Their idea of a John Wayne voice did not appeal. So we turned down

Anyone who gambles via the internet

[mark_reh]

is a moron and deserves to get sheared like the sheep he/she is.

Re:

[frovingslosh]

If you don't think that adding a computer (and the Internet) that the computer owner can control, see all of the cards in everyone's hand and all of the cards coming up, and even change the order of the cards coming up, or trade out his unexposed cards for ones coming up, then you really don't understand the game and the odds. And it is people who don't understand the game and the odds who should not be playing.

I wasn't doing anything!

[wonkey_monkey]

What's In Your Hand? This Malware Knows

I was just scratching an itch!

Win32/PSWTool Malware ..

[nickweller]

I assume this Win32/PSWTool malware only works on Microsoft Windows ..