Spammers Defeat CAPTCHA?

Jeremiah Tolbert @ 10-07-2007

In the war between spammers and everyone else, the spammers may have captured new territory. A new trojan appears to be capable of bypassing the CAPTCHA systems on Yahoo and Hotmail, allowing spammers to create 500 bogus email addresses per hour. CAPTCHA tests are the distorted images of text that computers have previously been unable to read. They’re a kind of simple Turing Test meant to require a human behind a keyboard when creating a new email address.

I am suspicious of the claim that the trojan is actually somehow able to read these images, which have thus far been impossible to crack as a security measure. New Scientist Blog agrees. 500 an hour is not very fast. There is some trickery at work here, perhaps in the form of passing the CAPTCHAs from Hotmail to another website where humans are doing the solving work for the spammers.

4 Responses to “Spammers Defeat CAPTCHA?”

  1. Jim says:

    All the more reason to stick to using Akismet and Bad Behavior. 🙂

  2. Paul Raven says:

    We use Dr. Dave’s Spam Karma here, and at my own blog, which does a pretty good job too. But I’ve heard great things about Bad Behaviour – I believe some very-high-traffic sites run it and Spam Karma simultaneously.

  3. Duality says:

    Spammers a while ago were able to circumvent CAPTCHA tests by employing people looking for free porn. So you’d display a captcha image from a target site on a secondary site with the message “free porn if you enter this code”. The person looking for some free porn would enter the code on the second site, and the second site would in turn post this on the target site automatically.

    If you get plenty of hits by people looking for porn – which to be fair, there are a lot of them – then you can use this to defeat captcha tests without having to use hugely complex software.

    The principle of Occam’s Razor…

  4. Duality says: