Spammers’ Software Breaks into CAPTCHA
Spammers are using a sophisticated program that can set up thousands of e-mail addresses on Windows Live by breaking through the protection system designed to stop the mass creation of fake accounts, a security researcher said on February 7, 2008.
Dan Hubbard, Vice-President of Security Research at Websense Inc., said that the software was created to crack 'Completely Automated Public Turing test to tell Computers and Humans Apart', or CAPTCHA, defenses. These are scrambled, distorted character codes used by many Web services to prevent the automated creation of accounts on a large scale. ComputerWorld reported this on February 7, 2008.
The new software captures the CAPTCHA image and transmits it to the spammer's remote server, where the image is read and matching plain text is generated.
The text is then returned to Live Mail and entered in the field where users type the CAPTCHA characters. Normally, the software sends back an accurate response, and so successfully creates an e-mail account, in as many as 30%-35% of attempts.
When the CAPTCHA image arrives on the server, spammers run an OCR (Optical Character Recognition) process on it or read the image using one of the CAPTCHA 'buster' tools. Alternatively, they might have people who view the CAPTCHA images and type in the characters. This second method of interpreting the image, however, is less likely.
Spammers' demand for large numbers of free e-mail accounts has driven the creation of this fraudulent software. Once they have used these addresses, they discard them, or they use them for only a day or two. That is approximately the lifespan of a spam account.
Live Mail and competitors like Yahoo! Mail are the chosen targets for this kind of spammer. Because Live Mail and Yahoo! Mail are free services, anti-spam products that rely on blacklisting cannot block their domains. Also, the millions of e-mail accounts they host make it easy for the spammers' IDs to remain hidden in the mass of accounts.
Meanwhile, the Websense findings come amid claims by others of having cracked CAPTCHA. In January 2008, John Wane, a Russian software developer, posted software capable of defeating Yahoo's CAPTCHA system.
» SPAMfighter News - 16-02-2008