Online poker players are being warned to keep their anti-virus software up-to-date and avoid clicking links from unknown sources after a top internet security company announced it has discovered malware that specifically targets both PokerStars and Full Tilt players.
The Malware is called Win32/Spy.Odlanor and, according to Robert Lipovsky, a security researcher at Eset, targets specifically PokerStars and Full Tilt on infected machines. Once a victim is infected with the Trojan, the virus looks for PokerStars and Full Tilt clients and if the victim is running either of them, the virus takes screenshots which are then sent to the attacker.
These screenshots show the infected player’s alias and their hole cards. As it is possible to search for opponents via the PokerStars and Full Tilt clients, it is possible for the attacker to find the infected player, join their table and know exactly how to play against that particular player.
"PokerStars and Full Tilt are aware that some players' computers have been targeted by malicious software," a PokerStars and Full Tilt representative told PokerNews on Friday. However, "an initial review of gameplay for those accounts where we believe this malware was present found no evidence that these players have lost funds due to unfair play."
"In line with our constant goal for utmost security, we recommend that players protect themselves against this sort of attack by practicing good computer security," the poker rooms representative continued. "Players should keep their operating system updated, use reliable anti-virus software, and only install software from reputable sources.”
How and where are players being infected?
According to Lipovsky, the vast majority of infections discovered are from Eastern European with 71% being found on machines in Russia and Ukraine. However, everyone should remain vigilant and take preventative measures to ensure they do not become infected by this latest virus.
For the most part, online poker players are safe from malware and if you download software from legitimate sources then chances are you’ll never encounter a problem during your career. Lipovsky revealed in his blog that “users usually get infected with Win32/Spy.Odlanor unknowingly when downloading some other, useful application from sources different than the official websites of the software authors,” and lists programs such as Daemon Tools or mTorrent in addition to poker-related software including Poker Calculator Pro, Smart Buddy, Poker Office and Tournament Shark.
Eset informed PokerNews that this virus only infects Windows-based machines, meaning Mac users cannot be infected by this particular malware.
What can I do to prevent being infected by the Odlanor poker virus?
As with all viruses, and not only those that infect computers, prevention is better than the cure. The first thing every computer user should do is purchase a top anti-virus program that has a firewall built in. For added security you can close ports on your computer that don’t need to be open for playing poker or general internet access, Google is your friend on this one.
Secondly, only ever download software from official sites and legitimate sources – never torrent poker-related programs. You shouldn’t be using torrents anyway, but especially not for poker programs, it just isn’t worth the risk.
Also, heed the warnings that your anti-virus and firewall put out. I recently updated my PokerTracker 4 and Norton flagged it up because it was a new file and not many people had used it at that time. While this was nothing to worry about, it is worth reading the information that the software designed to protect your machine is displaying instead of simply clicking button to run the program anyway.
Furthermore, be vigilant and use common sense. Don’t click links in emails, instant messengers and the like from senders that you do not know. If you receive an email or see a website supposedly offering you a way to guarantee winning at poker or other such lines, it is likely to be a scam of some sort and therefore a danger to the security of your computer.
How to Check Your Computer for Odlanor (And Remove It)
“We have detected Odlanor for the first time on April 19. Then, sometime later, we have noticed that some computers have been infected by a different variant of the same program - so we can say that there are two versions of Odlanor out there. The good news, is that we can detect and remove both versions,” a representative from ESET told PokerNews on Friday.
"From a technical point of view, we recommend people to check their computer and understand whether they have installed Odlanor or not. We have a a free online scanner that anyone can use and that not only detects the malware, but also removes it as well.”
Here’s how to check your computer for Odlanor:
- Click here to open ESET’s Online Scanner in a new tab
- Click on ‘Run ESET Online Scanner’
- Download the ESET Smart Installer
- Follow the instructions on the screen
“If you find your machine is infected, we recommend you to change any kind of password that you have stored on your computer,” the representative from ESET continued.