UK Poker News recently reported on the Trojan horse virus scares following statements by leading UK betting companies, Ladbrokes and Betfair, and the need for online players to ensure they are armed with anti-virus and firewall protection and not open unidentified requests for personal information about betting and poker accounts. Such advice is of course standard practice for the security-conscious computer user but complacency is everyone’s worst enemy.
The Trojan threat was therefore fresh in my own mind when, over a period of three or four consecutive days, I began receiving pop-up messages from my own anti-virus program telling me that it had received, intercepted and safely disposed of the “worm” W32/Netsky.P@mm. Slightly alarmed and intrigued at the same time, I looked at my anti-virus company’s database and discovered that this particular invader had been upgraded to a higher category risk but was easily disposed of. Essentially, this was a “a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives.”
This probably means more to others than to me but I was reminded of the reality of this and other malicious threats just this week upon reading a report from Fortinet, a leading provider of multi-threat security systems whose customers include some of the largest telecommunications carriers and service providers around.
Fortinet produce a monthly top ten chart of its most commonly monitored malicious code scams and have just published the results for the month of May and at number one on this dubious roll of honour is my old friend W32/Netsky.P@mm.
The full list looks like this, with percentage of overall population monitored:
My particular invader was noted to be a regular and easily-dealt with animal but Fortinet were keen to highlight a new entrant at number 6, HTML/BankFraud.E!phish, which they say is the first occurrence of a “phishing” threat in the top 10.
For online gaming, this is an unwelcome development and Fortinet does not fill us with too much confidence given the fact that every day, a new man or woman in the street is acquiring an online money account for the purposes of gaming.
The remainder of this article is best left in Fortinet’s own words. They offer plenty of food for thought for the online poker player:
“When HTML/BankFraud.E!phish was added in March, it already accounted for 44 percent of the global phishing activity. In April, it accounted for up to 87 percent of phishing threats. Overall, 98 percent of all 1.83 million detected phishing threats in May are HTML/BankFraud.E!phish. As a conclusion, phishing activity has been multiplied by five since March, draining vertiginous amounts of money out of online bank accounts of victims from all over the world, mostly targeted toward countries without any digital law to address the issue.
“What is even more alarming is that not only do phishing threats grow in volume, they also grow in variety and inventiveness. This month we spotted phishing attempts where the victim is asked to call a telephone number, and disclose his or her credentials. Now, if we put together the fact that people educated in “classical” phishing may still fall in that trap, and the fact that the upcoming reign of VoIP will make it particularly easy to set up anonymous phone numbers, we may come to the conclusion that these scams will rise in the near future.
“Phishing is, however, not the only weapon in cyber-criminals’ arsenal when it comes down to gathering stolen credentials. Trojans and Spyware material also do the work very well. This makes sense, after all, as it is no more difficult – if not easier in some cases – to get an average user to click on an executable file than to fool her into logging in a fake bank website.
“In that domain too, two interesting innovations surfaced this month: the “Poker” Trojan, used by cyber-criminals to steal user credentials from famous poker sites, and a Trojan meant to steal “virtual” items from players of Massive Multiplayer Online Role Playing Games (MMORPG). Stolen items are then sold to other players wishing to empower their game character – this is generally done via auction sites.”
“There are two key points here: First of all, any social activity involving money online (e.g. online poker) will sooner or later be the target of cyber-criminals. The more popular it becomes, the sooner it becomes a major target. Secondly, there is a very interesting, and disconcerting, collusion between real and virtual worlds. In MMORP games, the virtual world goes on living long after the player in the real world disconnects. Weapons, spells, and other items in an online role-playing game are meant to be exchanged or bought within the game, thus with virtual money (typically with good old “gold coins”) but some people, willing to empower their game character, are ready to pay real money to acquire particularly powerful items for their game character. This, of course, attracts cyber-criminals. And when these items are stolen, and sold again for more money, the culprits are not “elves” or members of the “Guild of Thieves,” but the guy next door who wields a computer trojan infection.
Whether or not such a spectacular reduction of the factual frontier between real and virtual worlds is a worrying issue can be debated, but either way: it’s inclined to send a little chill.”
Ed note: Seats in all WSOP events can be won when you download Bet365 Poker