Spammers' bot cracks Microsoft's CAPTCHA

07.02.2008

Spammers are using a bot to sidestep barriers that Microsoft Corp. has erected to keep scammers from creating massive numbers of accounts on its Live Mail service, a security researcher said Thursday.

Dan Hubbard, vice president of security research at Websense Inc., said the bot was designed to break CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) defenses, the distorted, scrambled character codes many Web services use to block automated registration of hundreds or thousands of accounts at a time.

The bot, said Hubbard, grabs the CAPTCHA -- which is not plain text but actually an image -- and sends it back to the spammer's server, where the image is somehow "read" and a clear text match generated. The text is then sent back to Live Mail, where it's plugged into the box where users normally type the CAPTCHA characters.

On average, the bot returns the correct response 30% to 35% of the time, Hubbard claimed, and successfully creates an account.

"This is the first time that we've seen a bot like this," Hubbard said, "at least one that does the full loop of coming up with the CAPTCHA and registering an account."

Some specifics of the account-creation scam are still murky, he admitted. "What we don't know is what happens on the back end, at the spammer's server." Once the CAPTCHA image reaches the server, the spammers could be running it through some kind of optical character recognition (OCR) process or using one of several CAPTCHA "buster" tools. Or there could be people viewing the images, then typing in the character code, although Hubbard said that was unlikely.
