Spammers Again Manage to Crack CAPTCHA

According to security company Websense, spammers have already busted the new CAPTCHA techniques that Microsoft reworked at the end of 2008. A detailed study indicates that spammers are using a new trick to beat the CAPTCHA to take probable attack environments to levels that are more advanced and sophisticated.

The reports state that the new technique of cracking CAPTCHA begins in the same way as in the previous CAPTCHA-cracking methods by using bot-infected compromised computers, controlled remotely, to furnish key information like password, name and country of the client that Hotmail asks during sign-up. Subsequently, the Hotmail-presented CAPTCHA image is uploaded on a distant server where the image is decoded, prior to returning it to the consumer so that the process of creating the bogus account continues.

The new CAPTCHA-breaking attack has an innovative character - using of an encrypted medium for the zombie computer and the distant host to communicate between themselves; thus, making spotting and stopping of such web traffic harder.

Moreover, Websense's study of the attack indicates that this operation would attain success in the proportion of 1 in every 5-8 hacking attempts, sufficient to provide the spammer with a bountiful return given that there is the possibility of creating voluminous accounts.

Security researchers at Websense state that CAPTCHA is very important for Microsoft since it is meant to prevent spammers from creating bulk numbers of phony accounts to be used to relay spam, while exploiting the fact that filtering services and anti-spam gateways trust Hotmail domain. spammers are taking advantage of such reliable domains to raise the possibility of a spam message to dodge past these obstacles.

Moreover, Websense said that whenever Microsoft tried to enforce changes in CAPTCHA to stop spammers from invading it and acquiring control over accounts, the miscreants are able to adapt to the changes and accordingly beat them.

Carl Leonard, Threat Researcher at Websense, states that although Microsoft is taking action against the problem, hijacked accounts are so precious to spammers that they always manage to break through any new safeguard, as reported by ITPRO on February 16, 2009.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 2/27/2009