The Register® — Biting the hand that feeds IT


Trojan creates bogus webmail accounts to punt drugs

Hotmail and Yahoo! captchas defeated?


Miscreants have created a strain of malware capable of setting up bogus Hotmail and Yahoo! accounts in order to send spam.

The HotLan-A Trojan uses automatically-generated webmail accounts, suggesting that spammers have found a way to bypass the Captcha system (which typically means accounts can't be created until a user correctly identifies letters depicted in an image).

The Captcha system was set up by online service providers in order to try to ensure that only requests generated by a human, and not automated by a program, are serviced.

These challenge-response systems are often used to stop the automatic creation of webmail accounts by spammers, so their apparent defeat by the HotLan-A Trojan is of particular note.

The use of compromised PCs to send spam has been going on for years, but the HotLan-A Trojan follows a more complex routine. Each active copy of the Trojan attempts to set up a webmail account before pulling encrypted spam emails from a website. It then decrypts these junk emails and sends them to (presumably valid) addresses taken from yet another website, according to an analysis of the malware by Romanian anti-virus firm BitDefender. Junk mail sent using the malware has largely been used to spamvertise sites flogging pharmacy products.

"There are only about 500 or so new accounts being created every hour," said Viorel Canja, head of BitDefender's Anti-virus Lab. "But still, we've seen 15,000+ Hotmail accounts being used so far. It's hard to estimate how many spam emails have already been sent." ®


Latest Comments
Anonymous Coward

Discuss

"Lately, I have seen a great many flamewarriors correcting each others' spelling/grammar/punctuation, etc.

Question: Has this resulted in a more urbane and erudite flame culture?

Discuss."

In the UseNET days typos were generally ignored because it was usually the result of clumsy fingers. These days however more and more people are demonstrating blatant lack of skill in both spelling and grammar. These are not second-language English speakers we're talking about - it's often people who have no excuse.


Why pay a turk?

I've heard of some porn sites advertising free images protected by a captcha. Thing is that the captcha is actually an image from some other site. So the dope enters it in, playing the unsuspecting turk.

And if they really wanted to make it tough to thwart, their malware would turn the infected user into a turk. That is, suppose someone wants to sign up to Yahoo, but their computer is infected. The malware can then pre-fetch a failed signup, so when the user does the captcha, the malware registers its spam address instead, and throws up a 'failed captcha' page. The user figures they misread an 8 for a B, and registers a second time, this time going through, none the wiser that two accounts were made.

I'm not sure how to combat that level of trickery.


Just wait for the Turk...

The more exotic approaches only work because they're not common enough to warrant a spammer defeating them. If somebody comes up with a system that actually works and it gets widely used the spammers will get round it. If it's computationally not feasible to solve the problem the spammers could resort to a system similar to the Amazon "Mechanical Turk" and pay a group of poor people in another country to do it: Trojan sends captcha to server which displays it for some poor shmuck who gets $0.01 for every 10 he solves and the result is returned. If he's good he could well earn 1c every minute which is $6 a day (on a 10 hour day.) There are still many countries where $6 is a very good wage.

I suppose such techniques could be made less effective by limiting the time the user has to solve the captcha but then we'd be discriminating even more against the disabled for whom they're difficult enough as it is. Streaming, animated, video captchas anyone?
