May 6, 2004 11:23 AM PDT
Porn gets spammers past Hotmail, Yahoo barriers
- Related Stories
-
Microsoft taps IronPort in spam fight
May 5, 2004 -
E-mail lists choke on spam
April 13, 2004 -
Happy spamiversary
April 12, 2004 -
Finding a way to fry spam
February 24, 2004
Free Web mail services such as Hotmail and Yahoo are often used by spammers to send unsolicited e-mails. But because of the sheer quantity of e-mail sent, spammers require thousands of accounts and employ Web bots to automatically open them.
To combat this automation, Web mail companies started using the Captcha test (Completely Automated Public Test to tell Humans and Computers Apart), which creates a graphically distorted representation of a simple word that can easily be read by a human but not by a machine. The word is often written in an unusual font and presented on a patterned background to further confuse the bots.
To open an e-mail account, the applicant is asked to read the word in the Captcha graphic and type it into an application form. Because the disguised word is virtually impossible for a computer to read, spammers need a human to intervene, which ruins their automation process.
However, as first noted in the Boing Boing blog earlier this year, some spammers have found an ingenious way to bypass the Captcha protection.
First, the spammers open and advertise a Web site containing pornography. Visitors to the porn site are asked to enter the word contained in a Captcha graphic before they are granted access.
In the background, spammers have already used scripts to automate the Web mail accounts opening process to the point where they need a human to "read" the Captcha graphics. The Captcha graphics from the Web mail site are transferred to the porn site, where the porn consumers interpret the Captcha words. As soon as they enter the correct word, the script can complete its application process and the visitors are rewarded with free porn.
Simon Perry, vice president of security at Computer Associates International, said security is always a "moving target," and as soon as a company like MSN uses a new technology to secure a product or service, it is only a matter of time before it will be bypassed.
"Each little improvement makes it a little bit more difficult for the spammers. This is an exercise in continually moving up the bar," he said.
According to Perry, the only way to make a real difference is to combine technology with legislation and enforce that legislation. However, he said that even though spammers may have found a way past the Captcha, it is still slowing them down.
"Before the Captcha, those bots could open a million Hotmail accounts a day, but now, if they can attract 10,000 people to their free porn site, they can set up 10,000 accounts, which is a lot but still an order of magnitude less," Perry said.
Neither Microsoft's Hotmail nor Yahoo would comment on the issue.
Munir Kotadia of ZDNet UK reported from London.
See more CNET content tagged:
spammer,
porn,
MSN Hotmail,
bot,
human
Render a red text repeatedly in the background of the captcha: "www.myforum.org". Then you render the black CAPTCHA code above the red text.
Make sure the watermark text shines thru the black text a little, so it becomes VERY hard to remove the watermark text without damaging the captcha text so severly thats its impossible to read the captcha text....
Another idea is to make up the captcha text with the watermark text... Maybe it gets too hard to read the captcha text, but experiment with the spacing, to get well readibly.
(captcha text = the code the user is supposed to enter)
(watermark text = your site's name)
---------------------------------------
The offending porn sites will get very bad reputation for stealing captchas.