Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2962
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2857
Total: 2858









Author Topic: Bot Busts Newest Hotmail CAPTCHA  (Read 2394 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Bot Busts Newest Hotmail CAPTCHA
« on: 19. February 2009., 18:34:40 »


Spammers have cracked  Microsoft Corp.  's latest defense against abuse of its Live Hotmail e-mail service using a sophisticated network of hacked computers that receive encrypted instructions from a central server, a security company has reported.

The botnet, or collection of compromised PCs, can decipher Live Hotmail's CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) registration safeguard in about 20 seconds, said Websense Inc. security researcher Sumeet Prasad.

CAPTCHA is the term for the distorted characters that many Web sites, such as e-mail services and blogs, use to prevent spammers and cyber criminals from creating massive numbers of new accounts. Those accounts are used to send junk mail or messages that try to dupe people into visiting malicious sites, and are valuable because spam filters rarely block the "hotmail.com" domain address.

Last fall, Microsoft revamped the CAPTCHA protection for Live Hotmail after earlier versions had been busted by hackers. Its newest defense has now fallen to a similar attack, said Prasad. "Every time Microsoft implements CAPTCHA changes to combat abuse of their services, the spammers adapt to those changes," Prasad said in an entry to the Websense security labs blog .

Although the newest automated CAPTCHA-cracking tactics are similar in some ways to those used previously by criminals, Prasad noted that the hackers are now using encryption to mask the instructions sent to the bots.

"The latest attack consists of encrypted communication between spammer bot servers and infected clients or compromised machines," said Prasad. "Spammers have adopted these tactics with a mindset to secure their operations from being exposed or detected." However, Prasad was able to pull apart the CAPTCHA bot's code and uncover how the instructions are passed between the individual bots and the central command-and-control server.

The actual CAPTPCHA deciphering takes place on the server, which then passes the decoded characters to the bot to register an account.

The hackers successfully bust Hotmail's CAPTCHA once every five to eight attempts, a success rate of between 12.5% and 20%. On average, it takes the botnet server 20 to 25 seconds to analyze the characters and report back to the bot with a CAPTCHA guess.

Previously, bots were able to break Microsoft's CAPTHCA in as little as six seconds , and have at times enjoyed success rates as high as 35% .

(PC World)

Samker's Computer Forum - SCforum.info

Bot Busts Newest Hotmail CAPTCHA
« on: 19. February 2009., 18:34:40 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023