CAPTCHA Compromised – Spam Ensues


Anti-spam services have been forced to delay messages from Gmail and Yahoo due to growing abuse of the mail services to send spam. Over recent months security firms have reported that the Windows Live CAPTCHA used by several online mail providers, as well as many other sites, has been broken by automated attacks.

Every Internet user has probably entered a code at some point in time (“let us know you are human”, “man or machine”). CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) help ensure that online accounts can’t be created until a user correctly identifies letters depicted in an image. The tactic is designed to frustrate the use of automated sign-up tools by spammers and other miscreants.

With Gmail accounts set up, spammers are able to gain access to Google’s services and receive an address whose domain is highly unlikely to be blacklisted. This helps them defeat one aspect of anti-spam defences. Anti-spam filtering services have responded by slowing down the connection using multi-stage scanning and filtering processes. This is designed to make it difficult for spammers using botnets to send spam through compromised webmail accounts.

Contrary to the original idea that automated tools had been developed to defeat security checks and establish webmail accounts, cyber criminals are employing sweatshops in India for as little as $4 a day to defeat anti-spam security checks, according to a recent analysis by net security firm Trend Micro. Previous systems to solve the CAPTCHA security check included the creation of a virtual stripper programme that rewarded dupes with the removal of an item of clothing when they typed the text shown in an accompanying image, served up from a web service sign-up CAPTCHA.

An analysis of spam trends in February 2008, by MessageLabs, revealed that 4.6 per cent of all spam originates from web mail-based services. The proportion of spam from Gmail increased two-fold from 1.3 per cent in January to 2.6 per cent in February. Yahoo! Mail was the most abused web mail service, responsible for sending 88.7 per cent of all web mail-based spam.


Source by Christopher Spence

