Hackers get help from a virtual stripper

Hackers have been reported to rely on a virtual stripper to get past CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart). This method is most useful for spammers, who usually use web-based email accounts for their schemes but often have trouble automating the CAPTCHAs that are used to help keep bots from registering accounts.

The particular scheme involves a virtual stripper, “Melissa”, who is seen with fewer and fewer clothes every time a user correctly decodes a CAPTCHA. The CAPTCHAs are actually legitimate ones taken from Yahoo Mail sign-up screens. This way, hackers can perform automatic account registration in semi-real time.

The striptease is part of a trojan, which Trend Micro Inc. flagged as CAPTCHA.a. The trojan might be part of a multistage attack, downloaded to a PC that has been compromised by other, more malicious code or a drive-by web-based exploit.

This is hardly the first time CAPTCHAs have been cracked, nor is it the first time humans have been used for this purpose: “Work-at-home money mule schemes run by criminals have hired people to do this same thing,” said Paul Ferguson, a network architect at Trend Micro. “They're told to log on to this Web page and type the CAPTCHA. They have a quota.” CAPTCHAs are also used to control blog-commenting rights, and these too have been cracked to improve blogs' standings in search engines.

