New Spam Worm Splits into Gmail CAPTCHA
The Vietnamese Security Firm, Bach Koa Internetwork Security (BKIS), claims that it has discovered a new worm that ruins Google's CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) for registering fake Gmail accounts to launch spam.
The security company labels the worm as W32.Gaptcha.Worm. The researchers from BKIS says that once a system in attacked with the worm, it opens the Internet Explorer browser and reaches at the Gmail's webpage of new account registration. It starts to fill in arbitrary names of false users. On facing a CAPTCHA, this worm sends the image to an inaccessible server to get processed, where it is decoded and then given back to the worm so that the worm can close the account registration process.
After several account registrations, when Google ultimately obstructs the specific system creating those fake accounts, the worm then eliminates it. The BKIS researchers clarified that this results into one more mail account each time, from which 99.9% of the Internet users are annoyed by offering them free money and Viagra.
The security experts claimed that this is one more case of hackers' advancement and sophistication. The security companies have grown busier in the last few years to find new ways to deal the hackers who use advanced methods to produce bogus accounts.
These fake e-mail accounts are precious for hackers. Mails which are sent from those accounts have a good chance of surpassing the anti spam filters as it comes from a reputed domain; however, firms use other techniques like text analysis to pull-out trash email.
CAPTCHA refers to any distorted text which a user must solve to create a new e-mail account. It is tough for systems to decipher the text, but upgradation in technology used by hackers is making it less reliable.
Further, a CAPTCHA has not been broken for the first time. During February 2009, Live Hotmail CAPTCHA System of the Windows was attacked. But Google, planning to put a new twist on CAPTCHA, is asking users to locate the top of an arbitrarily rotated, but cautiously chosen image.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 29-04-2009