Odlanor Poker Spyware Analysis

There’s been a flurry of recent articles focused on the Odlanor spyware that reportedly targets online poker players. A news release regarding Odlanor from security firm ESET triggered coverage from sites such as Slashdot, Business Insider, and dozens of others.

Coverage blows threat out of proportion

But it seems that some in the media and the general poker population have blown this story out of proportion.

Headlines like “The great online poker scam” and “Hackers Use Malware to Cheat at Online Poker” make it appear that online poker players are facing a new (and immediate) risk of losing their money to malware-enabled cheating.

I have even heard from iGaming opponents that this is another reason as to why online poker should be banned.

Reality is far from headlines

The reality is that this piece of malware is no different from other client-side attacks. These types of attacks that target users are not unique to the poker community.

It has been our experience when responding to breaches that the most common entry point into an organization’s network is users who have been compromised via a phishing attack or other client-side attack that installs malware or a remote administration tool. From there the attacker pivots to other systems on the network.

Large companies like Sony have been impacted by this kind of attack, so it is not surprising that a certain percentage of online poker players are also affected.

Nor is the fact that Odlanor targets online poker sites in any way unique. Yes, as documented by ESET when they reverse engineered the malware using a disassembler (a tool used to determine what functions the code was performing), there were specific calls that searched for Full Tilt and PokerStars program windows.

But there are countless examples of attacks in the past that targeted players with variations on remote access exploits in order to view a player’s hole cards.

Finally, it’s worth noting that ESET puts total observed Odlanor infection at “several hundred users.” According to Amaya, there were 2.3 million total active real-money users at PokerStars and Full Tilt in the second quarter of 2015.

Basic security steps significantly reduce any threat

Most of the time users are infected because they are not following best practices when it comes to computer security.

This article I wrote for Pokerfuse summarized the core habits poker players should internalize to minimize risk, including basic steps like:

  • Use antivirus (not 100% effective, as it is signature-based).
  • Keep your system patched.
  • Use strong, unique passwords and logins.
  • Use two-factor authentication whenever possible.
  • Don’t click on links in suspicious emails.

However, probably the best advice is to use a dedicated system for playing online poker – either a separate physical system or a virtual machine dedicated to iGaming on your primary workstation.

Following this advice would make it far less likely that your gaming system will become compromised.

What steps can operators take?

Another question I have heard being asked is why are the poker sites not taking any action against this threat?

The answer is that these attacks are targeted against the players, not the operator or the game servers. There is little the operator can do.

The truth is that in regulated environments such as New Jersey there are information security requirements that operators must adhere to in order to secure the online gaming infrastructure and application. Sites attempt to help protect players by forcing them to use strong passwords, making multi-factor authentication available, and performing data analysis in order to detect cheating.

But they can only do so much. Ultimately, the primary responsibility for protecting a player’s account lies with the player.

What is important to remember is that this is not a new threat. Online poker is no less safe than it was last week. But it is an important reminder for players to remain vigilant and follow computer security best practices.

This article was originally published in the September issue of Online Poker Report