Feeds

Automated crack for Windows Live captcha goes wild

Spammers'Holy Grail

Next gen security for virtualised datacentres

Spammers are using a sophisticated piece of software that can create thousands of Windows Live email addresses by cracking the protections designed to prevent the large-scale creation of fraudulent accounts.

According to security firm Websense, the bot is surreptitiously installed on the PCs of end users. It then establishes a connection to the registration page of the Microsoft-owned mail service. About a third of the time, the software is able to bypass the Captcha requirement through a process that researchers have yet to precisely figure out.

The executable software,has already led to a surge of spam being sent from the Microsoft-owned service, said Dan Hubbard, vice president of security research at Websense. Its discovery comes a few weeks after the release of proof-of-concept code that defeats a similar Captcha used by Yahoo! Mail.

Free email services from Microsoft, Yahoo! and Google are rarely blocked by anti-spam products, making accounts on those services highly prized by spammers. In the past week or so, Websense antispam filters have gone from blocking fewer than 100 Windows Live accounts per day to a number that's in the thousands.

"Some customers were actually flagging the mail as legitimate because it was coming from Microsoft Live," said Hubbard. "Clearly, (spammers) are using the fact that (the services) are legitimate."

Short for "completely automated public Turing test to tell computers and humans apart," Captchas have emerged as a key barrier hindering scammers who want to create large numbers of fake online accounts. In some cases, Captcha-cracking has involved software that transmits the graphic to third-party website that promises a visitor free porn in exchange for typing in the characters. Other times, programs using highly specialized heuristics algorithms try to guess the characters, based on the arrangement of the pixels.

"Captcha breaking has been one of the largest targets of malware operators for some time, even to the point that they will go and farm out the job to human beings," said Adam O'Donnell, a research scientist at antispam company Cloudmark. "It's that profitable."

For years now, the forces of good and evil have been engaged in an arms race of sorts, in which new Captcha cracks beget stronger Captcha images, which in turn lead to more advanced cracks.

Hubbard said a Websense honeynet recently caught malware. When researchers installed it on a lab machine, they discovered that in addition to sending spam, it attempted to create the Windows Live accounts. The software cuts Microsoft's Captcha image and sends it to a server controlled by the scammers. The server then sends the text contained in the image back to the infected PC. The answer is correct as much as 35 per cent of the time.

"We don't know what the process is," said Hubbard. One possibility is that there are human being on the other end, but Hubbard is leaning away from that theory because it would require hundreds of people to make it work. It's also possible the spammers have found a new type of Captcha-cracking software.

Besides being rarely blocked by spam filters, accounts with big email services are valuable to spammers for other reasons. For one, they're free. And for another, the millions of other accounts held by legitimate users makes it hard for the services to pinpoint mass mailers.

Don't count on this cat-and-mouse match ending anytime soon. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.