F-Secure Corporation, a Finnish security firm, released an advisory today for a rakeback calculator (RBCalc.exe) available from the poker site CheckRaised.com. The software secretly installed a trojan on its users' computers, designed to steal login info for various poker sites, including PartyPoker and Empire Poker.
The trojan is not detected by popular anti-virus programs like Norton Anti Virus or Microsoft Defender, but it can be removed manually. CheckRaised has published instructions here explaining how to remove the trojan. CheckRaised also recommends changing all passwords for poker sites if your computer is infected. If you don't feel comfortable visiting CheckRaised, you can also visit the advisory from F-Secure and follow the instructions there.
Even if you have never used this particular rakeback calculator, it is still a good idea to check your system for the trojan, because there is a possibility the trojan could have come bundled with other poker tools.
According to F-Secure, the trojan was installed silently in the Windows system32 directory when a user installed the rakeback calculator, using a so-called "rootkit" to conceal its installation and subsequent operation.
The trojan was specifically designed to collect login info for various poker sites, and to send this info back to the author of the program. The author could then empty the infected accounts by playing against himself from the infected accounts and losing on purpose.
CheckRaised has issued a statement in which it apologizes for any trouble its rakeback calculator may have caused. The rakeback calculator was developed by a third-party contractor who attached the trojan to the executable without the knowledge of CheckRaised. The site has stopped offering the rakeback calculator and has submitted all necessary info to CERT, Symantec, McAfee, and TrendMicro.