Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Spammers Again Manage to Crack CAPTCHA

According to security company Websense, spammers have already busted the new CAPTCHA techniques that Microsoft reworked at the end of 2008. A detailed study indicates that spammers are using a new trick to beat the CAPTCHA to take probable attack environments to levels that are more advanced and sophisticated.

The reports state that the new technique of cracking CAPTCHA begins in the same way as in the previous CAPTCHA-cracking methods by using bot-infected compromised computers, controlled remotely, to furnish key information like password, name and country of the client that Hotmail asks during sign-up. Subsequently, the Hotmail-presented CAPTCHA image is uploaded on a distant server where the image is decoded, prior to returning it to the consumer so that the process of creating the bogus account continues.

The new CAPTCHA-breaking attack has an innovative character - using of an encrypted medium for the zombie computer and the distant host to communicate between themselves; thus, making spotting and stopping of such web traffic harder.

Moreover, Websense's study of the attack indicates that this operation would attain success in the proportion of 1 in every 5-8 hacking attempts, sufficient to provide the spammer with a bountiful return given that there is the possibility of creating voluminous accounts.

Security researchers at Websense state that CAPTCHA is very important for Microsoft since it is meant to prevent spammers from creating bulk numbers of phony accounts to be used to relay spam, while exploiting the fact that filtering services and anti-spam gateways trust Hotmail domain. spammers are taking advantage of such reliable domains to raise the possibility of a spam message to dodge past these obstacles.

Moreover, Websense said that whenever Microsoft tried to enforce changes in CAPTCHA to stop spammers from invading it and acquiring control over accounts, the miscreants are able to adapt to the changes and accordingly beat them.

Carl Leonard, Threat Researcher at Websense, states that although Microsoft is taking action against the problem, hijacked accounts are so precious to spammers that they always manage to break through any new safeguard, as reported by ITPRO on February 16, 2009.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 27-02-2009

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next