The idea that bots are being used to attack the CAPTCHA systems of many of the popular webmail systems is nothing new. The speed records they are setting, however, are extreme: six seconds is all that some bots need to break the CAPTCHA system used by Hotmail Live and automatically register an account for later use by spammers.
Gone in six seconds. Botnets set new speed records in breaking CAPTCHA. (IMG:J.Anderson)
If you are not familiar, or have lived under a rock for a few years, Windows Live Hotmail (previously MSN Hotmail and Hotmail) was one of the first free webmail services on the web. Currently, it features 5 GB of storage and integration with Windows Live Messenger, Spaces, Calendar, and Contacts. It has over 250 million users worldwide and is available in 35 different languages.
Unlike GMail from Google, Hotmail is often stopped at the edge of a network because of spam. However, some services allow Hotmail to get past some filters by default because of said integration.
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) is hated by some and ignored by others. The general idea is to present a random image and ask a human to type out what they see. Variations of this technology have been used before as well, and some proposals even ask you to pick out the kitten.
For the most part, CAPTCHA systems work. However, bloggers were the first to notice issues, as some CAPTCHA-protected comment sections were still seeing a large volume of spam. Later, several security companies noticed patterns emerging, with bots using services like GMail and Hotmail to send spam. This, as it turns out, was the result of botnets cracking the CAPTCHA code.
“In the current attack, the response time of CAPTCHA breaking host after grabbing a CAPTCHA image from a victims’ machine, analyzing it, and responding back to victims’ machine with corresponding CAPTCHA code is relatively lower when compared to previous attacks. It is observed that the total response time for CAPTCHA breaking on the average is only about 6 seconds,” security vendor Websense said in a blog report on the subject.
Filtering works for the most part, but other services are starting to emerge on the IT scene that might help keep most of this junk off a network. Reputation-based services from some well-known vendors are starting to shape the way email is filtered on a network.
The Tech Herald will report on some reputation-based management in a future story.
In the meantime, blocking the Hotmail domain will keep spam away, and unless Hotmail is needed, you should do this anyway by default on the business network.
Full report: http://tinyurl.com/6c7j6e