It was a quiet Thursday night on May 11, 2006, when I decided to try my hand at a poker tournament on the Ladbrokespoker.com Web site. Ladbrokespoker.com is the busiest poker site in Europe, with regular traffic of more than 5,000 players, usually reaching its peak in the evening hours.
Ladbrokespoker.com is powered by the Microgaming Poker Network, and promotes upcoming poker events by periodically sending a simple message box to all of their clients. However, on this particular Thursday night, instead of receiving a message box promoting an upcoming tournament, I received a message box that stated the following:
“Dear Ladbrokes Members : An employee of LADBROKES.COM steals $30,000,000 (Thirty-Million-Dollars) from Ladbrokes players accounts, all the players have the right to know ... http://www.ladbrokes-bbc.net/”
To the untrained eye, the URL in the message box appeared to be for an official BBC Web site; however, it linked to a site that was a spoof, displaying a concocted story that a Ladbrokes employee had stolen $30 million. (Figure 1)
Clicking any of the links on the spoof page prompted you to install an executable, which was actually Backdoor.Sekorbdal. (Backdoor.Sekorbdal gives an attacker remote access to an infected PC.) Just how the attacker was able to send out the rogue message boxes is still unclear. No details have been released on whether a hacker exploited a vulnerability in the Ladbrokes site, broke into their infrastructure, or whether a rogue internal employee sent out the messages. When the Ladbrokes poker manager realized that these unofficial messages were being displayed, several attempts were made to warn users of the scam. (Figure 2)
The users were sent message boxes by the poker manager, advising them not to visit or download anything from the Web site. This effort coincided with a frenzy of fraudulent prompts and message boxes, with the entire affair lasting for about 15 minutes from start to finish.
For the unlucky victims who installed the malicious program, the attackers would have had full control over their machines and the ability to steal Ladbrokes account information (with the potential to rake in the $30 million the message had promised). Alternatively, the attackers could simply view the victims' desktops remotely, wait for them to play poker online, and then play against them. How could they possibly lose if they could see the victims' cards?