Spammers bypass CAPTCHA

p2pnet news | Advertising:- SPAM is the curse of the Net. More money is possibly spent on trying to eradicate it than on anything else, but it goes on. And on. And on ………
Now Websense Security Labs says spammers are successfully targeting Google’s Gmail, bypassing CAPTCHA.
Wikipedia explains:
A CAPTCHA (IPA: /ˈkæptʃə/) is a type of challenge-response test used in computing to determine whether the user is human. The process involves one computer (a server) asking a user to complete a simple test which the computer is able to generate and grade. Because other computers are unable to solve the CAPTCHA, any user entering a correct solution is presumed to be human. A common type of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen.
However, spammers have managed to create bots capable of signing up and creating random Gmail accounts for spamming purposes, says Websense.
To what purpose?
"First, signing up for an account with Google allows access to its wide portfolio of services," says the company.
"Second, Google’s domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis."
Websense says it believes these accounts could be used by spammers at any time for abusing Google’s infrastructure.
"A wide range of attacks could be possible as the same account credentials can be used to target various services offered by Google," it states, adding:
"It is observed that at this stage bots (or bot-infected machines) are trying to sign up as many accounts as possible with Gmail mail services. One of the main concerns here is attacking CAPTCHA. Unfortunately, spammers seem to have success with it. The bot is signing up an account feeding all the prerequisites or input data that goes into the signup page and successfully creating a mail account.
"Considering the normal / routine process involved in signing up a web mail account (Gmail), CAPTCHA authentication is a must for a successful signup. Since a bot is creating an account successfully, it is obvious that CAPTCHA is broken."
Also See:
Websense Security Labs – Google’s CAPTCHA busted in recent spammer tactics, February 22, 2008

February 27th, 2008 at 2:40 pm
If optical character recognition is not used, it is very likely that spammers have figured out the pattern to the generated information. If that is not the case, I would not put it beyond spammers to have written a program that sends captchas to the computers of people who get paid a small amount for each captcha successfully completed. Spammers are very innovative critters.