Credit where credit is due: the hackers understand human nature. So here's the deal, and beware. Share this with buddies who are tempted to sign away their computer's security for a cheap thrill: if you get an email teasing you with an online striptease, avoid the temptation.
A nifty little program that Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go,” and “Melissa” reveals more of herself.
However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The strip-tease game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.
Got that?
CAPTCHA is an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart. CAPTCHA is designed to prevent bots from spamming blogs and websites. It requires people to copy a series of oddly shaped letters and numbers (that are really tough to read) to let the computer know an actual person is sending a message. CAPTCHAs are supposed to be impossible for a machine to read.
It's the modern-day version of cops and robbers, bad guys vs. good guys: the hackers are told it's impossible to break the code, and by golly they are going to find a way to break the code.
In this case, their solution is to bring sexy back. From The Washington Post:
But the woman never fully undresses, and after several passwords are entered the program restarts, possibly enticing unsuspecting users into trying again.
Trend Micro researchers say the scam appears to be isolated for now to spammers trying to register bogus e-mail addresses and flood chat rooms with unwanted pitches. But they worry schemes to infiltrate financial institutions could soon appear. Paul Ferguson, network architect at Trend Micro, speculated that spammers might be using the results to write a program to automatically bypass CAPTCHA systems. "I have to hand it to them," Ferguson said, laughing. "The social engineering aspect here is pretty clever."