Gmail CAPTCHA Broken by Russian Spam Bots
Gmail's CAPTCHA, the defense responsible for preventing the automated registration of fake accounts, has been broken, following similar breaks at the Yahoo! and Microsoft Live webmail services, as reported by webplanet.ru on 15 February 2008.
According to the report, an illustration of the malicious code targeting Gmail was published on a security expert's blog (urs molotoff.blogspot.com). The spam bot spreads as a Trojan that infects users' computers. The bot captures the Gmail CAPTCHA and forwards it to a particular server, which recognizes the CAPTCHA and sends the result back to the bot, enabling the bot to register as a new user and start spamming.
Internet specialists warned e-mail users that they ought to confirm the reliability of messages received from free webmail services such as Google's, since the CAPTCHA sign-up technology was hacked, in the IP address of the server from which the bot requests commands.
Experts also said that the drivers used to send the sky bot reference a Russian website. To solve the problem and keep the bots out, they recommended that Web services replace the classic visual CAPTCHA with more effective "humanity tests."
The spam server's address was not revealed in the illustration, but the owners of the security blog confirmed to Webplanet that the bot is related to a Russian-language site. Evidently, this would increase the flow of spam from that Web address. Using automated scripts, hackers will now generate e-mail addresses built around various subjects, for instance a major software vendor's name, and send requests for money or personal information.
A few groups of "Russian researchers" demonstrated a procedure for breaking the Yahoo! CAPTCHA with a recognition rate of 35% in January 2008. A few weeks later, the Windows Live CAPTCHA was also cracked. However, the security systems of Microsoft, Google and Yahoo! were presumed to be secure enough, which is why these three are not included in anti-spam "black lists".
Anti-spam filters are now running into problems, as they fail to block from 100 to thousands of Google accounts on a daily basis. Specialists say they expect more advanced Turing tests on the Web, or otherwise Philip Dick's tests for androids or Google Androids, if the situation persists.
» SPAMfighter News - 21-02-2008