The news was so big that mainstream media caught the story even before poker outlets reported it. Odlanor was named as online poker enemy number one, and players around the world have been and still are susceptible to being cheated by it.
While the overview of the story has been covered in great detail, many questions persist. For example…
- How dangerous is Odlanor beyond the table?
- Can poker players delete Odlanor and be safe going forward?
- Are there any long-term solutions to problems that have plagued online poker since its inception?
- What role do HUDs play in overall player safety or lack thereof?
For some of these answers, we consulted Dr. Avi Rubin, Professor of Computer Science and Technical Director of the Information Security Institute at Johns Hopkins University. It just so happens that he is also an avid poker fan and player.
ESET is a company dedicated to online security and safety. Its website announced on September 17 that Odlanor – officially Win32/Spy.Odlanor – was detected as spyware that infected several hundred online poker players via a unique trojan.
Basically, the malware gets installed through Daemon Tools or uTorrent when online poker players install poker programs like Tournament Shark, Poker Calculator Pro, Smart Buddy, and Poker Office on Windows. Players often use those tools to improve their online games, but when they download via the wrong installer, the malware is installed as well.
The trojan then secretly takes screenshots of specified hole cards and transmits that information to the person(s) running the program. The cheater can then sit at the cash game table and win money from the victim using the unfair advantage of knowing the opponent’s hand. It is unclear whether the spyware user plays manually or through a bot. ESET detected the program mainly in Eastern European countries, with Russia and Ukraine hosting a combined 71% of infected machines to date.
Dangers On and Off the Tables
The risks to online poker players while playing on PokerStars and Full Tilt – the two targeted sites named in the investigation – are obvious. Dr. Avi Rubin notes, “This malware is very dangerous for anyone playing online poker… There is a bigger threat in cash games than in tournaments because attackers can find you in a cash game and join your table. Depending on how savvy they are, the attackers could slowly beat you without your knowledge once they are seated at your poker table.”
But the vulnerability of anyone whose machine is infected goes further. “Another danger is that once the attacker gets the Odlanor malware on your computer, they have access to that machine, and they can easily use that access to distribute additional malware that can perform arbitrary actions on your machine,” says Rubin. “That would include stealing your passwords and Web cookies, accessing your financial records and all of your office files, for example.”
Beyond Odlanor, Rubin seems certain that other programs are currently targeting major online poker and gambling sites. “I’m certain there are other malicious programs out there that have not been discovered or identified. If you find one, you know there are a dozen more hidden ones out there.”
Rubin feels that many of those programs cannot even be detected. Because they can change their signature each time they run, scanners are unable to detect them. These are particularly dangerous on Windows machines.
The most obvious and immediate solution is to check your computer for Odlanor, uninstall any related programs, and change all passwords stored on your machine. ESET offers a free scanner to get started.
Neither PokerStars nor Full Tilt released public statements via their websites or emails to customers about extra player protections. It should be noted that the sites are not responsible for the malware and do not even condone the use of the types of programs that contain the trojans.
PokerStrategy was able to obtain a statement from PokerStars upon request:
“PokerStars and Full Tilt are aware that some players’ computers have been targeted by malicious software. An initial review of gameplay for those accounts where we believe this malware was present found no evidence that these players have lost funds due to unfair play. In line with our constant goal for utmost security, we recommend that players protect themselves against this sort of attack by practicing good computer security. Players should keep their operating system updated, use reliable anti-virus software, and only install software from reputable sources.”
Rubin has developed an idea, outlined in a white paper, to protect online poker players. Poker sites would have to support the proposed software, which is still in the development stage. Rubin and his team plan to release the software as open source on the Internet in October as a free resource.
The solution allows players to run online poker on a computer while using an alternative device, like a mobile phone or tablet, to display hole cards. This video explains it in the simplest terms:
According to Rubin, “Odlanor can run on your machine, but it is unlikely the malware is also running on your smartphone or tablet. The bar is significantly higher for the attacker if the hole cards are not anywhere on the compromised computer.”
Online poker tracking software is connected to the current malware scare only in that it is transmitted through players downloading tracking programs from unsafe sources. Of course, if major online poker sites prohibited the use of HUDs altogether, Odlanor would not have been able to gain access to computers with the methods it used. In more general terms, however, those like Rubin do not connect HUDs and malware problems. “I don’t think the elimination of HUDs would have any effect on the malware problem,” says Rubin, noting they are separate issues.
US versus the World
Odlanor infected computers through the illegally downloaded tracking programs and seemed to aim its harm at Eastern European players. Allowed to continue, however, the issue could have spread like wildfire to players in many other parts of the world.
With immensely strict regulations in countries like France and Italy, and in American states like New Jersey and Nevada, one might think that players in those countries were protected. But since the hackers used malware transmitted through Windows programs, no level of governmental regulation would have detected or stopped it. Should PokerStars already be operating in New Jersey at this time, players there would have been at risk as well.
“I think all online players anywhere who are using a Windows-based Intel machine are always going to be vulnerable to hidden malware,” says Rubin. “That’s why we see so many successful computer breaches, and for every one we hear about, there are a dozen more that aren’t discovered.”
In short, all online poker players must be careful. They are putting every bit of information on their computers at risk when they use programs downloaded from unreliable sources. And until poker sites themselves limit the use of programs that are able to run alongside the action, players will continue to be susceptible to hackers.