RSSSpammers bypass Google's Gmail signup security
By Michael Hatamoto | Published February 27, 2008, 4:27 PM
An Internet research firm discovered spam bots are now able to register on Google's Gmail for spamming purposes. This latest attempt by spammers has been the most sophisticated recorded attempt to get around CAPTCHA, using both humans and bots.
The Completely Automoated Public Turing test to tell Computers and Humans Apart (CAPTCHA) test is designed to stop bots from being able to register on Web sites and Internet e-mail services to spam users. CAPTCHA technology is the jumbled letters in a small box that you must enter before being able to finish registration on most popular Web sites.
Google is the ideal target for spammers for a number of reasons, including a wide variety of services that can be targeted. Plus, it's free to register, and Google services are very unlikely to get blacklisted by companies.
Gmail will also remain a viable target since it's free and has a large number of users from around the world.
Just 1 out of every 5 bots is successful at registering through Gmail, but it appears the bigger problem is the organized group requesting humans help them slide by the CAPTCHA for a small sum of money.
Security research firm WebSense published a detailed look into how the CAPTCHA system is manipulated.
The Microsoft Windows Live Mail CAPTCHA defense was also compromised several weeks ago, using the same methods as Google.
Researchers have been looking into new anti-spamming technologies to offer a backup to CAPTCHA, but progress has been slow gowing. The problem with many new technologies, including CAPTCHA in some cases, is that it does deter spammers but also manages to deter many users trying to legitimately register for an e-mail account.
I wondered why I'm getting more spam in my Gmail inbox lately.
Score: 0
|here is a clue:
captcha needs to evolve.
Score: 0
|I just tried to sign up for Google apps and the CAPTCHA was unrecognizable. I couldn't get past it.
Score: 0
|I hope Google crushes them like the little pests they are!!!
Score: 0
|So they're not really making bots that can read CAPTCHA images... instead they're getting bots to complete everything else in the sign-up and then paying real people to go through the CAPTCHA images for the bots and type in the right letters.
And here I was thinking someone invented a VERY cool AI or advanced OCR program.
Score: 0
|I was considering moving from the CAPTCHA-type system to one that, even if farmed out to loads of humans, won't work.
I was going to change the system to show perhaps symbols of basic objects (like a fruit machine) is displayed and a question be asked about them in the local language.
Given that the networks of people at the moment simply have to read and replicate the letters, asking for the correct spelling of basic objects (fruit etc), numbers and colours would prove that user is at least spamming to their own culture!
Another idea would be to do basic math, so have 12+4-6 requireing the answer "ten" for an Enlgish site, "dix" for a French one, "????" for a Greek one etc.
As a final method, I propose the system of cultural questions, like an Android Robinson does on the Weakest Link. "Who was the 42nd president of the USA" would be hard in the UK, whereas people outside the UK would struggle to know who Dot Cotton was, or at least in which programme starting with a E she appear.
There are also quite useful culture-specifics like "rhyming" (depends on accents), "slang" (local knowledge) etc
Score: 0
|Not everyone knows their stuffs well.
Score: 0
|The problem with this is that you're basically discriminating by culture... not every person uses the same slang or rhyming scheme, and cultural questions can easily be botted. Same with basic math... it's not hard at all to have it give text answers instead of numeric...
Basically, you're making life more difficult for the real people, while making it easier for the bots to move ahead.
Score: 0
|Ahh, lovely spammers ruining the internets.
Score: 0
|