Google’s Blogger CAPTCHA Under Automated Registrations Attack
Spammers, in their recent tactics, have targeted Google’s well-known blog publishing system “Blogger”/”Blogspot”, following the previous attacks on Microsoft’s Live Mail Anti-CAPTCHA, Google’s Gmail Anti-CAPTCHA and Microsoft’s Live Hotmail Anti-CAPTCHA services.
The automated bots are capable of not only signing up and creating Blogger accounts (using spammer account credentials), but also use these accounts as redirectors and doorway pages for advertising their products and services. In the current attack, accounts using anti-CAPTCHA operations at Blogger get registered, and few lines of script or code is used to refresh the account, thus directing the user to the actual spam domain.
For spammers, there could be few main advantages to this approach. A free to sign up where accounts can be used as redirectors or doorway pages to spammers’ domain(s). Spammers include these redirecting accounts in different spam campaigns rather than including their actual spam domains and use this tactic to defeat a range of anti-spam services.
These redirecting or doorway page accounts can also be used in multiple mass-mailing campaigns for subsequent attacks.
Another advantage is the difficulty to keep track of these accounts as millions of users worldwide are using Google’s Blogger services on a regular basis.
The entire automated process in is built of two stages. First, predefined instructions from the CAPTCHA breaking host injected on to bot infected or victim’s machine. Instructions are used as templates, with varying account credentials and spam domain redirecting script. Second, bot infected or victims’ machine performing tasks are per pre-defined instructions. Spammers are trying to improve the Anti-CAPTCHA techniques and performed validation checks are sent to their email addresses.
These accounts could be used by the spammers at any time for a variety of social-engineering attacks, a trend that has been increasingly common with various popular Web 2.0 sites.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.