Spammers use free porn to bypass Hotmail, Yahoo barriers
Takeaway: Junk e-mailers set up porn sites and use visitors to bypass defenses used by Hotmail and Yahoo to stop bot software from automatically opening e-mail accounts.
By Munir KotadiaSpecial to CNET News.com
By offering free porn, spammers are using Internet surfers to bypass a security protection designed to stop bot software from automatically opening Web mail accounts.
Free Web mail services such as Hotmail and Yahoo are often used by spammers to send unsolicited e-mails. But because of the sheer quantity of e-mail sent, spammers require thousands of accounts and employ Web bots to automatically open them.
To combat this automation, Web mail companies started using the Captcha test (Completely Automated Public Test to tell Humans and Computers Apart), which creates a graphically distorted representation of a simple word that can easily be read by a human but not by a machine. The word is often written in an unusual font and presented on a patterned background to further confuse the bots.
To open an e-mail account, the applicant is asked to read the word in the Captcha graphic and type it into an application form. Because the disguised word is virtually impossible for a computer to read, spammers need a human to intervene, which ruins their automation process.
However, as first noted in the Boing Boing blog earlier this year, some spammers have found an ingenious way to bypass the Captcha protection.
First, the spammers open and advertise a Web site containing pornography. Visitors to the porn site are asked to enter the word contained in a Captcha graphic before they are granted access.
In the background, spammers have already used scripts to automate the Web mail accounts opening process to the point where they need a human to "read" the Captcha graphics. The Captcha graphics from the Web mail site are transferred to the porn site, where the porn consumers interpret the Captcha words. As soon as they enter the correct word, the script can complete its application process and the visitors are rewarded with free porn.
Simon Perry, vice president of security at Computer Associates International, said security is always a "moving target," and as soon as a company like MSN uses a new technology to secure a product or service, it is only a matter of time before it will be bypassed.
"Each little improvement makes it a little bit more difficult for the spammers. This is an exercise in continually moving up the bar," he said.
According to Perry, the only way to make a real difference is to combine technology with legislation and enforce that legislation. However, he said that even though spammers may have found a way past the Captcha, it is still slowing them down.
"Before the Captcha, those bots could open a million Hotmail accounts a day, but now, if they can attract 10,000 people to their free porn site, they can set up 10,000 accounts, which is a lot but still an order of magnitude less," Perry said.
Neither Microsoft's Hotmail nor Yahoo would comment on the issue.
Munir Kotadia of ZDNet UK reported from London.
Print/View all Posts Comments on this article
YAFA - Yet Another Freaking Acronym
Chance11or | 05/07/04
|
Captcha broken - but to what end?
spamNEWS | 05/10/04
|
White Papers, Webcasts, and Downloads
- Five Steps to Determine When to Virtualize YourServers VMware Thinking of virtualizing the servers at your company? Use this step-by-step guide to determine when's the best time to make your big move. Download Now
- Dell Helps Medical University of South Carolina Bring the Intelligent Classroom to Life Dell Established in 1824, Medical University of South Carolina (MUSC) is one of ... Download Now
- Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Ever wonder why your company isn't saving more from its server virtualization? Making a few small changes could dramatically increase your efficiency. Download Now
- VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the high cost of maintaining or building ever-larger data centers? Get the facts you need to formulate your Virtualization Action Plan. Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Article Categories
- Security
- Security Solutions, IT Locksmith
- Networking and Communications
- E-mail Administration NetNote, Cisco Routers and Switches
- CIO and IT Management
- Project Management, CIO Issues, Strategies that Scale
- Desktops, Laptops & OS
- Windows 2000 Professional, Microsoft Word, Microsoft Excel, Microsoft Access, Windows XP,
- Data Management
- Oracle, SQL Server
- Servers
- Windows NT, Linux NetNote, Windows Server 2003
- Career Development
- Geek Trivia
- Software/Web Development
- Web Development Zone, Visual Basic, .NET
