A high-stakes online poker player says that an unknown hacker used a malicious image file to compromise his account and empty it of more than $100,000 in winnings – the latest in what players say is a string of scams.
The player, who uses the handle _MicahJ_, claims that he was lured into a trap by a fellow member of the twoplustwo forums, who drew him into an online poker game to size up his online holdings.
That user then sent an email containing a malicious image file that installed a keylogging Trojan on his system. The attacker then emptied the account of over $115,000 in poker winnings over three days.
"I knew I shouldn't have opened it but didn't think until after the matter. I contacted others on suspected scamming but couldn’t get anything done until it was too late," he wrote.
According to the user, who did not immediately respond to requests for comment, the hacker – using the handle highgrind22 – gained access to an account at the website Lock Poker for three days. During that time he made small transfers out of the account to an account linked to a yahoo.com email address. The attacker also played in high-stakes games, losing around $80,000 to another player.
The post, on Saturday, elicited hundreds of responses from twoplustwo users, most online poker players themselves. The ensuing conversation has become something of an online 'whodunnit,' with players attempting to uncover the identity of the attacker, and others stepping forward to clear their name from the scandal.
The list of suspects includes a twoplustwo forum member who uses the handle WHITNEYDOH, and who made tens of thousands of dollars in online winnings playing against what _MicahJ_ claims was a hacked account. After briefly having his account suspended by Lock Poker, however, that user was reinstated and claims innocence.
It is not known for sure if _MicahJ_ was the victim of a malicious software attack and, if he was, what kind of malware was used.
In posts to twoplustwo he claims to be a Mac user, which means that any malware used would have to work on that platform. Also unclear is whether Lock Poker provides any insurance for online holdings, or any monitoring to prevent sudden and unexplained account-to-account transfers.
Lock Poker declined to comment. "We cannot disclose any findings of any investigation for privacy and security concerns," the company said in an email to Naked Security. "Rest assured, we put a significant amount of time, resources and technology in minimizing the chances of fraud occurring."
Online poker forums are a popular target for hackers, given the large sums of money that change hands in online gaming. In fact, twoplustwo was a victim of a hack in April that reportedly compromised the accounts of forum members.
In March 2011, a 29-year-old man received two years in prison for hacking into a computer server, stealing and then laundering 400 billion virtual poker chips from the online gaming firm Zynga worth an estimated $12 million.
Past attacks, however, have focused on online poker platforms as much as players.
In 1999, researchers (including Adobe’s security boss Brad Arkin) famously identified an off-by-one error in a shuffling algorithm used by the Web site PlanetPoker.
That allowed the researchers to predict the outcome of supposedly "random" virtual deck shuffles used on the site.