Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Spammers bypass Google's Gmail signup security

By Michael Hatamoto, BetaNews

February 27, 2008, 4:27 PM

An Internet research firm discovered spam bots are now able to register on Google's Gmail for spamming purposes. This latest attempt by spammers has been the most sophisticated recorded attempt to get around CAPTCHA, using both humans and bots.

The Completely Automoated Public Turing test to tell Computers and Humans Apart (CAPTCHA) test is designed to stop bots from being able to register on Web sites and Internet e-mail services to spam users. CAPTCHA technology is the jumbled letters in a small box that you must enter before being able to finish registration on most popular Web sites.

Google is the ideal target for spammers for a number of reasons, including a wide variety of services that can be targeted. Plus, it's free to register, and Google services are very unlikely to get blacklisted by companies.

Gmail will also remain a viable target since it's free and has a large number of users from around the world.

Just 1 out of every 5 bots is successful at registering through Gmail, but it appears the bigger problem is the organized group requesting humans help them slide by the CAPTCHA for a small sum of money.

Security research firm WebSense published a detailed look into how the CAPTCHA system is manipulated.

The Microsoft Windows Live Mail CAPTCHA defense was also compromised several weeks ago, using the same methods as Google.

Researchers have been looking into new anti-spamming technologies to offer a backup to CAPTCHA, but progress has been slow gowing. The problem with many new technologies, including CAPTCHA in some cases, is that it does deter spammers but also manages to deter many users trying to legitimately register for an e-mail account.

Add a Comment

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By rsx508

posted Feb 29, 2008 - 11:38 AM

I wondered why I'm getting more spam in my Gmail inbox lately.

Score: 0

By DatabaseBen

posted Feb 28, 2008 - 6:15 PM

here is a clue:

captcha needs to evolve.

Score: 0

By mjm01010101

posted Feb 28, 2008 - 1:42 PM

I just tried to sign up for Google apps and the CAPTCHA was unrecognizable. I couldn't get past it.

Score: 0

By siryak

posted Feb 27, 2008 - 10:55 PM

I hope Google crushes them like the little pests they are!!!

Score: 0

By Tenoq

posted Feb 27, 2008 - 5:52 PM

So they're not really making bots that can read CAPTCHA images... instead they're getting bots to complete everything else in the sign-up and then paying real people to go through the CAPTCHA images for the bots and type in the right letters.

And here I was thinking someone invented a VERY cool AI or advanced OCR program.

Score: 0

By Briantist

edited Feb 28, 2008 - 6:16 AM

I was considering moving from the CAPTCHA-type system to one that, even if farmed out to loads of humans, won't work.

I was going to change the system to show perhaps symbols of basic objects (like a fruit machine) is displayed and a question be asked about them in the local language.

Given that the networks of people at the moment simply have to read and replicate the letters, asking for the correct spelling of basic objects (fruit etc), numbers and colours would prove that user is at least spamming to their own culture!

Another idea would be to do basic math, so have 12+4-6 requireing the answer "ten" for an Enlgish site, "dix" for a French one, "????" for a Greek one etc.

As a final method, I propose the system of cultural questions, like an Android Robinson does on the Weakest Link. "Who was the 42nd president of the USA" would be hard in the UK, whereas people outside the UK would struggle to know who Dot Cotton was, or at least in which programme starting with a E she appear.

There are also quite useful culture-specifics like "rhyming" (depends on accents), "slang" (local knowledge) etc

Score: 0

By Maymne

posted Feb 28, 2008 - 1:18 PM

The problem with this is that you're basically discriminating by culture... not every person uses the same slang or rhyming scheme, and cultural questions can easily be botted. Same with basic math... it's not hard at all to have it give text answers instead of numeric...

Basically, you're making life more difficult for the real people, while making it easier for the bots to move ahead.

Score: 0

By teohhanhui

posted Feb 28, 2008 - 11:30 AM

Not everyone knows their stuffs well.

Score: 0

By Babylon2x

posted Feb 27, 2008 - 5:31 PM

Ahh, lovely spammers ruining the internets.

Score: 0

Jul 3 - 6:45 PM ET Netflix box by Roku to get more content providers

Jul 3 - 6:30 PM ET US Justice Dept. sued for info on cellular tracking practices

Jul 3 - 6:27 PM ET Next Patch Tuesday has few security updates, big Vista reliability fix

Jul 3 - 5:49 PM ET BlackBerry Pearl users can test voice input for Google Maps

Jul 3 - 5:30 PM ET Adobe pushes its Flash 10 beta 2 refresh

Jul 3 - 4:39 PM ET Nokia and InterDigital start to disassemble their running feud

Jul 3 - 4:34 PM ET Do-it-yourself phone manufacturer declares its independence tomorrow

Jul 3 - 4:16 PM ET Study: US broadband access up overall, but down among the poor

Jul 3 - 3:54 PM ET Beta test a portable Web browsing device

Jul 3 - 3:20 PM ET Nvidia: 'Previous generation' GPUs failing at high rates