www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
02 March 2009  

Tech News

Microsoft's CAPTCHA revolutions busted by spammers - again and again

Spammers have once again ramped up the siege on Microsoft's Live Hotmail services, by busting Microsoft's latest, redesigned CAPTCHA system.

Near the end of 2008, Microsoft reworked its CAPTCHA authentication, attempting to prevent further automatic registrations by computer programs and automated bots, and preserve CAPTCHA's usability and reliability. As the latest attack shows, those efforts have failed.

The spammers' attack strategy includes more than registering e-mail accounts using anti-CAPTCHA operations; sending mass e-mails over the Internet; infecting thousands of user machines; and stealing information. Their strategy also includes developing a successful business model that focuses on advertising products and services, and reaching users with increasing success rates. Thus, spammers have been relying on the trusted reputation of Microsoft to carry out a wide range of attacks over the Internet.

Anti-CAPTCHA operations carried out by spammers to date can be clearly viewed as escalating steps in a persistent cycle. Every time Microsoft implements CAPTCHA changes to combat abuse of their services, the spammers adapt to those changes. Spammers have increased the sophistication of their anti-CAPTCHA response with this latest attack. Previous anti-CAPTCHA operations consistently used automation (sign-up, CAPTCHA break, and account creation) that consisted of straightforward, templated command and control instructions. The latest attack uses automation with encrypted communication between spammer bot servers and compromised machines.

The bot installs itself as a service, and uses the Internet Explorer browser on the target (compromised) machine in the background for the entire process.

The CAPTCHA-breaking host or bot server initiates the process of injecting encrypted instructions (command and control) onto the compromised machine. This encrypted code includes templated sign-up instructions with the spammers' predefined credentials (Windows Live ID, password, First name, Second name, Country, and so forth), along with CAPTCHA-breaking instructions (image send and code receive).

The compromised machine or bot-infected client decrypts the instructions received from the CAPTCHA-breaking host or bot server. The compromised machine then performs the tasks defined in the instructions. A process is initiated on the victim's machine, which connects to the Live Hotmail site to sign up for an account. The bot continues to the secured Live Hotmail signup page, where the bot attempts to begin filling in all predefined credentials.

The compromised machine receives the scrambled CAPTCHA code from the CAPTCHA-breaking host, descrambles it, and completes the signup process successfully.

Websense's predictions about this persistent and ongoing spammer strategy have proven accurate. The spammers have been using these accounts for additional, random attacks that include sophisticated new methods (both manual and automated) across significant Live services integrated with Live Hotmail, such as Live Messenger (instant messaging), Live Spaces (online storage), and the like.

 


© Copyright 2001: The Indian Express Limited. All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of The Indian Express Limited. Site managed by BPD.