Slashdot Mirror


Have Spammers Overcome the CAPTCHA?

thefickler writes "It appears that spammers have found a way to automatically create Hotmail and Yahoo email accounts. They have already generated more than 15,000 bogus Hotmail accounts, according to security company BitDefender. The company says that a new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft's and Yahoo's CAPTCHA systems."

8 of 330 comments

  1. it's easy... by naeim · · Score: 4, Insightful

    Make a porn site that gives you credit to download smut in exchange for solving captchas. Have your automatic account creator redirect the captcha to a human user of your porn site, and if you're lucky and it gets solved within the time period for which the captcha is valid, you're set.

  2. 500 accounts created every hour? by patio11 · · Score: 5, Insightful

    That doesn't sound like a CAPTCHA has been broken, except perhaps by the sophisticated AI device known as a human being. 8 and a half CAPTCHAs a minute? No problem for one person with a tolerance for boredom and CTS. Heck, you can even put the job up on Amazon Turk and charge a penny an account for the signups, or use cheap labor in any of a number of countries to do it.

  3. FREE PR0N! by pq · · Score: 5, Insightful
    Get the rest of the difficult AI problems into CAPTCHAs. We've finally figured out a way to finance AI research!
    Not really.

    The way they've worked around it probably goes like this: "Free pr0n sets! See more of this hot chick! We don't want automated downloads of these sets, so you need to solve this code to get the download. What? It looks just like the Hotmail captchas? Yeah, we're using the same advanced technology here."

    So I guess this approach would also solve other AI problems - by having bored RIs solve them. Maybe not such a bad solution after all?

    --
    "I will take the Ring," he said, "though I do not know the way."
    1. Re:FREE PR0N! by AuMatar · · Score: 4, Insightful

      I'd be surprised if some spammers weren't using Amazon's Mechanical Turk. It's cheap as hell, why not use an existing framework?

      --
      I still have more fans than freaks. WTF is wrong with you people?
  4. Re:OCR or humans by coldcell · · Score: 4, Insightful
    I was actually looking into securing a forum from spammers earlier when this question came into my head:

    How do I make questions that are simple enough to be obvious to legitimate members, but obscure for outsourced human spammers?

    I then wondered exactly WHY I'd want to use simple questions anyway, surely I'd want people posting intelligently, so why not moderate at the first access point! Elitism, sure, but I don't think that asking for some mathematically obscure reference for a forum catering to that userbase is Evil, nor any other purpose-specific odd questions. The truly determined can always google the answers.

    --
    Launchy.net changed my world.
  5. Re:Arguably Impractical but Satisfying Suggestions by 1u3hr · · Score: 4, Insightful
    * Problem with Spam traffic from India and China? Fine. Make a declaration internet traffic from those countries will be severed from the Internet within 21 days unless all Spam activity ceases.

    Ever heard of proxies?

    Also, have a look at the ROKSO list. Most spam originates in the USA. They may route it through Russia or China or Korea, but its source is the USA. Block China, say, and next week it'll be coming via Brazil, or .... faster than you can reconfigure.

    If the USA wants to take decisive action, something the government has actively avoided doing, it could shut down spammers in a week. How many spammers have been prosecuted and gone to jail? It's big news when they do, but only a handful have been prosecuted. The feds just don't care enough to build cases, even when the evidence is handed to them. Only if AOL or Microsoft push does anything happen.

    Spammers have to make money. Credit card companies do that for them, and they are all based in the USA. As for the pump-and-dump spammers, that's a bit harder, but the stock exchanges should be able to block suspicious activity based on that. They don't care now because it's just foolish home investors losing money when they try to "take advantage" of the tips.

  6. Have they? by ady1 · · Score: 5, Insightful

    Or is it just that making new Hotmail accounts is being outsourced to China/India/?

  7. Could be, according to this /. article by I)_MaLaClYpSe_(I · · Score: 4, Insightful
    Could be, according to this /. article


    Spammers Learn To Outsource Their Captcha Needs

    Posted by Zonk on Saturday November 25, @05:36AM
    from the hearing-some-ominous-muttering dept.

    lukeknipe writes

    "Guardian Unlimited reporter Charles Arthur speaks with a spammer, discussing the possibility that his colleagues may be paying people in developing countries to fill in captchas. In his report, Arthur discusses Nicholas Negroponte's gift of hand-powered laptops to developing nations and the wide array of troubles that could arise as the world's exploitable poor go online."

    From the article:

    "I've no doubt it will radically alter the life of many in the developing world for the better. I also expect that once a few have got into the hands of people aching to make a dollar, with time on their hands and an internet connection provided one way or another, we'll see a significant rise in captcha-solved spam. But, as my spammer contact pointed out, it's nothing personal. You have to understand: it's just business."