CAPTCHA Killer on the Loose?

By Greg McNevin

April 17, 2008: The relentless arms race between security firms and spammers looks poised to swing back in favour of the cyber criminals with the news that a new spambot is cracking CAPTCHAs in as little as 60 seconds.

The Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) has, until now, been highly effective at stopping bots from creating new email accounts on services such as Hotmail and Gmail, from which waves of spam flood out until the account is closed.

Popular online email services such as Hotmail and Gmail are prized by scammers, as their popularity and – up until now – security mean that they are rarely blacklisted by filtration software and services. However, with the security firm Websense estimating that this new breed of bot can register a new account every minute, a single bot could create upwards of 1400 accounts a day. And with each service running into the hundreds of millions of users, tracking down and closing each dodgy account is no small task.

Websense says that these accounts could be used at any time for a variety of social-engineering attacks.

“A wide range of attacks (both manual and automated) would be possible using the same account credentials on other significant Live services integrated with Live Hotmail services,” writes Websense threat analyst Sumeet Prasad on the firm’s official blog.

Despite the prospect of ever-increasing levels of spam on the horizon, what’s more concerning is the looming death of CAPTCHA. Of course, more technical character imaging could be developed, but this would just prolong the arms race.

All of a sudden, that fraction of a cent per email tariff that has been suggested in the past is looking interesting again.
