NOW READ THIS
("Security Advisory")

Go Back

Submitted by: Bill Hickey
NCVA List Master

NRT-0386 Spammer's Bot Cracks Microsoft's CAPTCHA:


A security researcher said spammers are using a bot to sidestep barriers that Microsoft has erected to keep scammers from creating massive numbers of accounts on its Live Mail Service. The vice president of security research at Websense Incorporated said the bot was designed to break CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) defenses, the distorted, scrambled character codes that many web services use to block auto- mated registration of hundreds or thousands of accounts at a time. The bot grabs the CAPTCHA - which is not plain text but actually an image - and sends it back to the spammer's server, where the image is somehow "read" and a clear text match is generated. The text is then sent back to Live Mail, where it's plugged into the box where users normally type the CAPTCHA characters. He claims, on average, the bot returns the correct response 30% to 35% of the time and successfully creates an account. Live Mail and rivals such as Yahoo Mail are favorite targets for spammers because the services are free, their domains can't be blocked by blacklisting antispam tools, and the millions of accounts they control make it easy for the spamming addresses to hide in the crowd. Websense's findings mark the second time in less than three weeks that CAPTCHA-cracking claims have been made. Last month, a Russian programmer using the alias "John Wane" posted a decoder he said could crack Yahoo's CAPTCHA system 35% of the time.

(ComputerWorld 07FEB08)


Valid XHTML 1.0! Valid CSS! Counter Image
Last Modified: Sunday, 17-Feb-2008 13:38:32 EST