Spammers bust Microsoft's CAPTCHA system

By siliconindia   |   Tuesday, 17 February 2009, 19:34 IST
Bangalore: Spammers have once again ramped up the siege on Microsoft's Live Hotmail services, by busting Microsoft's latest, redesigned CAPTCHA system. Near the end of 2008, Microsoft reworked its CAPTCHA authentication, attempting to prevent further automatic registrations by computer programs and automated bots, and preserve CAPTCHA's usability and reliability. As the latest attack shows, those efforts have failed.

The spammers' attack strategy includes more than registering email accounts using anti-CAPTCHA operations; sending mass emails over the Internet; infecting thousands of user machines; and stealing information. Their strategy also includes developing a successful business model that focuses on advertising products and services, and reaching users with increasing success rates. Thus, spammers have been relying on the trusted reputation of Microsoft to carry out a wide range of attacks over the Internet.

Anti-CAPTCHA operations carried out by spammers to date can be clearly viewed as escalating steps in a persistent cycle. Every time Microsoft implements CAPTCHA changes to combat abuse of their services, the spammers adapt to those changes.

Spammers have increased the sophistication of their anti-CAPTCHA response with this latest attack. Previous anti-CAPTCHA operations consistently used automation (sign-up, CAPTCHA break, and account creation) that consisted of straightforward, templated command and control instructions. The latest attack uses automation with encrypted communication between spammer bot servers and compromised machines.