In the war between spammers and everyone else, the spammers may have captured new territory. A new trojan appears to be capable of bypassing the CAPTCHA systems on Yahoo and Hotmail, allowing spammers to create 500 bogus email addresses per hour. CAPTCHA tests are the distorted images of text that computers have previously been unable to read. They’re a kind of simple Turing Test meant to require a human behind a keyboard when creating a new email address.
I am suspicious of the claim that the trojan is actually somehow able to read these images, which have thus far been impossible to crack as a security measure. New Scientist Blog agrees. 500 an hour is not very fast. There is some trickery at work here, perhaps in the form of passing the CAPTCHAs from Hotmail to another website where humans are doing the solving work for the spammers.