Gambling Federation Malware

jmildstone

Dormant account
Joined
Feb 1, 2005
Location
Vermont
5 days ago my wife installed Pinklady Casino (GFED sister casino),following night,
I felt like playing some black jack at www.theblackjacktable.com, I just couldn't access their page,
I thought they where having down time so called it for that night, Next day same thing happened so I contacted support ,
they told me that their casino was running fine and that were not doing maintenance of any kind to their site.

They advised me to clean up my cache, cookies and temporaries files which I did and guess what....

I was having the same problem.

Next day I called them again and one of the supervisors said that the problem may be was on the ISP end, funny thing is that at my office we use the same ISP and theblackjacktable.com site works fine from work.

So I took my home computer and plugged it at work - I still had problems accessing their site .

At this point I felt like throwing my home computer off the window,so tried again with my friends laptop and then with my computer at work,
we both had access to theblackjacktable.com.

The tech guy took my Home PC to IT Department and this is what he found out

-----------------------------------------------------------------------------------------------------------------


The installation process from G-FED Casinos modifies 7 files,one of this files is

called "hosts" located in the following path

C:\windows\system32\drivers\etc\hosts

GFED casino software has altered this file and add a spyware on it.

Regularly a computer use a host file to resolve dns names when their is a software
installed on the computer.This Spyware denies access to other casino sites.

Before installing the GFED -PINKLADY casino hosts file is about 2 Kbytes, after
software installation almost doubled its size to 4.40 k bytes,

Now you may think what makes this file so big??

First of all the original file is about 19 lines, GFED insert 1175 blank lines and in the

last line they add the following line 255.255.255.255 www.theblackjacktable.com

----------------------------------------------------------------------------------------------------------------------------

Now i can play theblackjacktable.com., because the tech guy flushed my computer....
 
This would be a trojan, not spyware, but very nasty indeed, and it would justify rogueing the casino involved.
 
Bad bad bad

I'm an IT guy myself and for any software to modify that host file is a cause for concern. That's much more than spyware that's "hacking". If Gambling Federation indeed did that, they owe an explanation.
 
Thats all we need! Casinos trying to eliminate the competition right on our computers! :eek:


BTW I love the card symbols on the message buttons, nice touch! :)
 
Last edited:
Thank you for the advice, I finally found the problem I was getting in my computer around a month ago.

What really concerns me is if they do not care in hacking their customers computers, what can they do to their games???

Absolutely!! They have fixed games. I am blocking them now!!!
 
i'm a network administrator as well, if anyone can pm a copy of said malware i can ask around to see if anything can be done against this kind of despicable violation of privacy from a legal standpoint
 
this is unbelievable, i tried it and installed pink lady casino.
indeed, after starting the casino for the first time it wrote the entry "www.royaldutchcasino" pointing to the IP 255.255.255.255 in my host file. this means you can't access this homepage anymore as every time you enter the web address you'll be redirected to the wrong IP. this is the behaviour of annoying malware, and I believe every gfed casino will behave in that way because all gfed affiliated casinos are downloaded from subdomains of gfed's main site. Boycott them!
 
I want to know the position of Interactive Gaming Gambling and Betting Association (iggba.org.uk), Interactive Gaming Council (www.igcouncil.org), Gambling Comission
You do not have permission to view link Log in or register now.
about this.
They have their seals of endorsments in all Gambling Federation Sites, and this is unacceptable and go against all their fairness principles.

Below how the hosts file looks like after they modify it:


# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost


255.255.255.255 www.theblackjacktable.com




255.255.255.255 www.casinoxo.com





255.255.255.255 www.theblackjacktable.com
 
This stuff is dynamite that could introduce Gambling Federation to a world of you-know-what in several sectors, not least of which is inserting malware on players' computers and subverting other businesses.

G-Fed is also a member of the iGGBA who might be interested in hearing about this.

We're following up with G-FED to get their version of events, but this is going to be mighty hard to explain away.

I wonder how many other online casinos have been *blocked* in this manner
 
Spear is correct...from Casinomeister News quoting an IGC release earlier this year:

QUOTE Two new directors have been elected to the IGC Board: Flaviano Fogli and Alfred E. (Freddie) Ballester. Fogli is general manager of Azur Media, an Internet marketing firm in Saint Laurent, Quebec. He is also the chief executive and a founder of the Gambling Federation, which provides services to online casino operators. A native of Italy, he moved to Canada, where he now lives, to complete his MBA.UNQUOTE
 
This is some pretty serious shit. Is this pinkladycasino specific, or have others been detected as well? I'm just wondering if the download file has been tampered with, was it done at the casino site, or does this go further.

Also:
jmildstone said:
Now i can play theblackjacktable.com., because the tech guy flushed my computer....
Can any one of you IT guys give a step by step process to detect and remove these files or comments. I'm sure everyone will appreciate this. Not everyone has tech guys at their disposal :D
 
Well I just downloaded Pinkladycasino direct from Pinkladycasino.com with no affiliate tag involved, and guess what?

jmildstone said:
The installation process from G-FED Casinos modifies 7 files,one of this files is

called "hosts" located in the following path

C:\windows\system32\drivers\etc\hosts

GFED casino software has altered this file and add a spyware on it.

Regularly a computer use a host file to resolve dns names when their is a software
installed on the computer.This Spyware denies access to other casino sites.

Before installing the GFED -PINKLADY casino hosts file is about 2 Kbytes, after
software installation almost doubled its size to 4.40 k bytes,

Now you may think what makes this file so big??

First of all the original file is about 19 lines, GFED insert 1175 blank lines and in the

last line they add the following line 255.255.255.255 www.theblackjacktable.com

...I can confirm this. The C:\windows\system32\drivers\etc\hosts file WAS modified - and theblackjacktable.com, www.casinoxo.com, and royaldutchcasino.com were all listed. I tried to access Royal Dutch Casino -- website not found error message. I went back to this "hosts" file and removed the royal dutch comments (there were two of them) and now I can access their page.

This is a low down nasty deed. For shame Gambling Federation.
 
The hosts file is at C:\windows\system32\drivers\etc\hosts on XP, you can just edit it with your favourite text editor. Make sure that you save it without any extension, notepad may save it as hosts.txt and you may have to rename it manually.

Several viruses use the hosts file trick to stop you from accessing anti-virus sites. There may be anti-virus or anti-spyware software that monitors the hosts file and alerts the user if something is trying to modify it. You can still access a site if you know its numeric IP address.

It would be worth submitting this to anti-virus companies. Being detected as a trojan would be very embarrassing for Pink Lady/G-FED.
 
GrandMaster said:
The hosts file is at C:\windows\system32\drivers\etc\hosts on XP, you can just edit it with your favourite text editor. Make sure that you save it without any extension, notepad may save it as hosts.txt and you may have to rename it manually.

Thanks Grandmaster - I've got a handle on this.

By the way, I've just downloaded Goldenballs - same friggin' thing. This is unbelievable.
 
Commodore Casino...same thing.

I'll be posting a warning about this by the end of the day (today is guitar day - so it may take some time).

This is total BS.
 
This is starting to look as if it is endemic to GF software and not confined to just one of their sites.

I wonder how the three blocked casinos were selected by whoever is responsible for this? Royal Dutch is DDS software, I'm not sure about theblackjacktable and casinoxo.

I think GF is based in Canada, which explains (timezone difference) why they are not responding yet.
 
jetset said:
This is starting to look as if it is endemic to GF software and not confined to just one of their sites.

I wonder how the three blocked casinos were selected by whoever is responsible for this? Royal Dutch is DDS software, I'm not sure about theblackjacktable and casinoxo.

I think GF is based in Canada, which explains (timezone difference) why they are not responding yet.
IGC is already looking into this.

theblackjacktable belongs to
You do not have permission to view link Log in or register now.
which is some no-name brand software (I believe) coming out of Costa Rica.

casinoxo is merely a directory sitting on a porno/casino server ULTSEARCH.COM. And we know about Royal Dutch already.

Apparently these three sites pissed off someone at GF (that's my guess). Good thing I didn't piss anyone off there, they could have added Casinomeister.com to their list and anyone who would have downloaded GF software would have been blocked out of here.
 
Maybe Royal Dutch Casino threatened to report Gambling Federation to the US Office of Homeland security? :lolup:
 
List of Gambling Federation Casinos

Please note, this list is not exhaustive; I'm sure I missed some. If you have ever downloaded this software, please check your "host" file for modifications:

Link Removed ( Old/Invalid)
Outdated URL (Invalid)
You do not have permission to view link Log in or register now.

Link Removed ( Old/Invalid)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Link Removed ( Old/Invalid)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Outdated URL (Invalid)
Outdated URL (Invalid)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Link Removed ( Old/Invalid)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Outdated URL (Invalid)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Outdated URL
Outdated URL (timeout)
You do not have permission to view link Log in or register now.

You do not have permission to view link Log in or register now.

Link Removed ( Old/Invalid)
 

Users who are viewing this thread

Meister Ratings

Back
Top