Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 1st, 2008

Microsoft’s CAPTCHA Under Spammers Attack Again

Spammers and malware authors are once again attempting to break Microsoft’s CAPTCHA, and are able to sign up Live Hotmail accounts with a success rate of 10% to 15%, according to an assessment published by Websense. The “DomainKeys” verified server reputation is being abused in order to increase the probability of spam emails reaching the receipts.

Websense have discovered that spammers, in a recent aggressive move, have managed to create automated bots that can sign up for and create random Hotmail accounts, defeating Microsoft’s latest, revised CAPTCHA system. The accounts are then used to send mass-mailings.

Early this year spammers already demonstrated their adaptability by defeating a range of anti-spam services offered by security vendors by carrying out the streamlined anti-CAPTCHA operations on Microsoft’s Live Mail, Google’s Gmail, Microsoft’s Live Hotmail, Google’s Blogger, and Yahoo Mail.

Recognition rate is successful once in every 8 to 10 attempts to sign up for a Live Hotmail account. According to Websense, it is a modest success rate given that the academic community has managed to achieve 92% recognition rate in the past. But with hundreds of thousands of malware infected hosts, it appears that they are willing to allocate resources despite the modest success rate, and are actively spamming through the newly registered bogus email accounts.

Share this item with others:

More on CyberInsecure:
  • Google’s Blogger CAPTCHA Under Automated Registrations Attack
  • Fake Microsoft-like Sites Attempt To Install Malware
  • Spammers Successfully Avoid IP Address-Based Reputation By Using Free E-mail Providers
  • Bebo Social Network Targeted By Spammers Again, Tens Of Thousands Of Bogus Accounts Generated Monthly
  • 3$ for breaking the CAPTCHA

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft’s CAPTCHA Under Spammers Attack Again

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.