Gambling Federation Malware

jmildstone

Dormant account
5 days ago my wife installed Pinklady Casino (a GFED sister casino). The following night,
I felt like playing some blackjack at www.theblackjacktable.com, but I just couldn't access their page.
I thought they were having downtime, so I called it for that night. The next day the same thing happened, so I contacted support;
they told me that their casino was running fine and that they were not doing maintenance of any kind to their site.

They advised me to clean up my cache, cookies and temporary files, which I did, and guess what....

I was having the same problem.

The next day I called them again and one of the supervisors said that the problem maybe was on the ISP end. Funny thing is that at my office we use the same ISP and theblackjacktable.com site works fine from work.

So I took my home computer and plugged it in at work - I still had problems accessing their site.

At this point I felt like throwing my home computer out the window, so I tried again with my friend's laptop and then with my computer at work;
we both had access to theblackjacktable.com.

The tech guy took my home PC to the IT Department and this is what he found out:

-----------------------------------------------------------------------------------------------------------------


The installation process from G-FED Casinos modifies 7 files; one of these files is called "hosts", located in the following path:

C:\windows\system32\drivers\etc\hosts

GFED casino software has altered this file and added spyware to it.

Regularly a computer uses a hosts file to resolve DNS names when there is software installed on the computer. This spyware denies access to other casino sites.

Before installing the GFED-PINKLADY casino, the hosts file is about 2 Kbytes; after software installation it almost doubled its size to 4.40 Kbytes.

Now you may think, what makes this file so big??

First of all, the original file is about 19 lines. GFED inserts 1175 blank lines and in the last line they add the following line: 255.255.255.255 www.theblackjacktable.com

----------------------------------------------------------------------------------------------------------------------------

Now I can play theblackjacktable.com, because the tech guy flushed my computer....
 

GrandMaster

Ueber Meister
CAG
This would be a trojan, not spyware, but very nasty indeed, and it would justify rogueing the casino involved.
 

bagofmaggots

Dormant account
Bad bad bad

I'm an IT guy myself and for any software to modify that host file is a cause for concern. That's much more than spyware, that's "hacking". If Gambling Federation indeed did that, they owe an explanation.
 

dominique

Dormant account
That's all we need! Casinos trying to eliminate the competition right on our computers! :eek:


BTW I love the card symbols on the message buttons, nice touch! :)
 

LatrellDG

Dormant account
Thank you for the advice, I finally found the problem I was getting in my computer around a month ago.

What really concerns me is, if they do not care about hacking their customers' computers, what can they do to their games???

Absolutely!! They have fixed games. I am blocking them now!!!
 

555YY

Dormant account
I'm a network administrator as well. If anyone can PM a copy of said malware, I can ask around to see if anything can be done against this kind of despicable violation of privacy from a legal standpoint.
 

mucullus

Experienced Member
This is unbelievable. I tried it and installed Pink Lady Casino.
Indeed, after starting the casino for the first time it wrote the entry "www.royaldutchcasino" pointing to the IP 255.255.255.255 in my host file. This means you can't access this homepage anymore, as every time you enter the web address you'll be redirected to the wrong IP. This is the behaviour of annoying malware, and I believe every GFED casino will behave in that way because all GFED affiliated casinos are downloaded from subdomains of GFED's main site. Boycott them!
 

LatrellDG

Dormant account
I want to know the position of the Interactive Gaming Gambling and Betting Association (iggba.org.uk), Interactive Gaming Council (www.igcouncil.org), Gambling Commission about this.
They have their seals of endorsement on all Gambling Federation sites, and this is unacceptable and goes against all their fairness principles.

Below is how the hosts file looks after they modify it:


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


255.255.255.255 www.theblackjacktable.com




255.255.255.255 www.casinoxo.com





255.255.255.255 www.theblackjacktable.com
 

jetset

RIP Brian
CAG
This stuff is dynamite that could introduce Gambling Federation to a world of you-know-what in several sectors, not least of which is inserting malware on players' computers and subverting other businesses.

G-Fed is also a member of the iGGBA who might be interested in hearing about this.

We're following up with G-FED to get their version of events, but this is going to be mighty hard to explain away.

I wonder how many other online casinos have been *blocked* in this manner
 

jetset

RIP Brian
CAG
Spear is correct...from Casinomeister News quoting an IGC release earlier this year:

QUOTE Two new directors have been elected to the IGC Board: Flaviano Fogli and Alfred E. (Freddie) Ballester. Fogli is general manager of Azur Media, an Internet marketing firm in Saint Laurent, Quebec. He is also the chief executive and a founder of the Gambling Federation, which provides services to online casino operators. A native of Italy, he moved to Canada, where he now lives, to complete his MBA. UNQUOTE
 

Casinomeister

Forum Cheermeister
Staff member
This is not a good situation. I am in the process of contacting the right people about this.
 

Casinomeister

Forum Cheermeister
Staff member
This is some pretty serious shit. Is this pinkladycasino specific, or have others been detected as well? I'm just wondering if the download file has been tampered with, was it done at the casino site, or does this go further.

Also:
jmildstone said:
Now I can play theblackjacktable.com, because the tech guy flushed my computer....
Can any one of you IT guys give a step-by-step process to detect and remove these files or comments? I'm sure everyone will appreciate this. Not everyone has tech guys at their disposal :D
 

Casinomeister

Forum Cheermeister
Staff member
Well I just downloaded Pinkladycasino direct from Pinkladycasino.com with no affiliate tag involved, and guess what?

jmildstone said:
The installation process from G-FED Casinos modifies 7 files; one of these files is called "hosts", located in the following path:

C:\windows\system32\drivers\etc\hosts

GFED casino software has altered this file and added spyware to it.

Regularly a computer uses a hosts file to resolve DNS names when there is software installed on the computer. This spyware denies access to other casino sites.

Before installing the GFED-PINKLADY casino, the hosts file is about 2 Kbytes; after software installation it almost doubled its size to 4.40 Kbytes.

Now you may think, what makes this file so big??

First of all, the original file is about 19 lines. GFED inserts 1175 blank lines and in the last line they add the following line: 255.255.255.255 www.theblackjacktable.com
...I can confirm this. The C:\windows\system32\drivers\etc\hosts file WAS modified - and theblackjacktable.com, www.casinoxo.com, and royaldutchcasino.com were all listed. I tried to access Royal Dutch Casino -- website not found error message. I went back to this "hosts" file and removed the royal dutch comments (there were two of them) and now I can access their page.

This is a low down nasty deed. For shame Gambling Federation.
 

GrandMaster

Ueber Meister
CAG
The hosts file is at C:\windows\system32\drivers\etc\hosts on XP; you can just edit it with your favourite text editor. Make sure that you save it without any extension; Notepad may save it as hosts.txt and you may have to rename it manually.

Several viruses use the hosts file trick to stop you from accessing anti-virus sites. There may be anti-virus or anti-spyware software that monitors the hosts file and alerts the user if something is trying to modify it. You can still access a site if you know its numeric IP address.

It would be worth submitting this to anti-virus companies. Being detected as a trojan would be very embarrassing for Pink Lady/G-FED.
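
Added example (not part of any post in this thread): one way to check a hosts file for the two things reported above, hostnames mapped to an unroutable address and long runs of blank lines that push entries out of sight. The sample text is constructed from the entries quoted in the thread; the function name, the blank-run threshold and the extra sink addresses (loopback and 0.0.0.0, a generalisation beyond the 255.255.255.255 seen here) are assumptions.

```python
import ipaddress

# Constructed sample modelled on the hosts file posted in this thread:
# stock localhost entry, 1175 blank padding lines, then the blocking entries.
SAMPLE = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "127.0.0.1 localhost\n"
    + "\n" * 1175
    + "255.255.255.255 www.theblackjacktable.com\n"
    + "255.255.255.255 www.casinoxo.com\n"
)
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text, max_blank_run=20):
    """Return (suspicious, padding) for hosts-file text.

    suspicious: (line_no, address, hostname) for non-local names mapped to
    a broadcast, unspecified or loopback address.
    padding: (first_line_no, length) for blank runs longer than max_blank_run.
    """
    suspicious, padding, blank_start = [], [], None
    # The trailing comment line is a sentinel that closes a final blank run.
    for no, raw in enumerate(text.splitlines() + ["#end"], start=1):
        if not raw.strip():
            if blank_start is None:
                blank_start = no
            continue
        if blank_start is not None:
            if no - blank_start > max_blank_run:
                padding.append((blank_start, no - blank_start))
            blank_start = None
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        sink = (addr.is_loopback or addr.is_unspecified
                or str(addr) == "255.255.255.255")
        for name in fields[1:]:
            if sink and name.lower() not in LOCAL_NAMES:
                suspicious.append((no, str(addr), name.lower()))
    return suspicious, padding


if __name__ == "__main__":
    hits, runs = audit_hosts(SAMPLE)
    for no, addr, name in hits:
        print(f"line {no}: {name} -> {addr}")
    for start, length in runs:
        print(f"{length} blank lines starting at line {start}")
```

Entries a user added on purpose are flagged too (ad-blocking hosts lists use the same sink addresses), so review the hits before deleting lines.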
 

Casinomeister

Forum Cheermeister
Staff member
GrandMaster said:
The hosts file is at C:\windows\system32\drivers\etc\hosts on XP; you can just edit it with your favourite text editor. Make sure that you save it without any extension; Notepad may save it as hosts.txt and you may have to rename it manually.
Thanks Grandmaster - I've got a handle on this.

By the way, I've just downloaded Goldenballs - same friggin' thing. This is unbelievable.
 

Casinomeister

Forum Cheermeister
Staff member
Commodore Casino...same thing.

I'll be posting a warning about this by the end of the day (today is guitar day - so it may take some time).

This is total BS.
 