Spammers Once Again Attacking Microsoft’s CAPTCHA
Spammers are again attacking Microsoft’s CAPTCHA system and so far have a 10-15% success rate. They’re using automated bots to defeat the system, which was revised and revamped after it was attacked successfully earlier this year. Experts have found that the process involves three stages. First, instructions are sent from a host machine to one on its botnet. Second, the infected machine attempts to crack the CAPTCHA system. Third, the bot uses the Live Hotmail accounts it successfully created to send large amounts of spam.
Services like Live Hotmail and Gmail have become favored targets for spammers and phishers because of the DomainKeys and DomainKeys Identified Mail (DKIM) email authentication they use, which lets a sender’s reputation determine email delivery. The more reputable the sender, the less likely mail from them will end up in a spam filter or blacklist. Messages and senders are authenticated with a digital signature created with the sender’s private key. The server receiving the message verifies the signature with the public key obtained through the DNS of the sender’s domain (hence the name DomainKeys) to determine whether it matches the email message. Once the message and sender are determined to be authentic, the sender’s reputation is used to decide the delivery status. Messages from senders with bad reputations, or with missing or fake signatures, stand a very strong chance of being rejected, while those from reputable senders with good signatures are usually delivered. While most ISPs haven’t adopted this technology yet, many web-based email providers and services have, including Yahoo, Gmail, eBay, and PayPal.
» posted by gzammit
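The DNS-based verification described above, as an added example that is not part of the original article: it parses a DKIM-Signature value, derives the DNS name where the signer's key is published, and runs the checks a receiver can make before the RSA check of `b=`, which is not performed here. The domain, selector, key material and function names are constructed placeholders, and only `rsa-sha256` with "simple" body canonicalization is handled.

```python
import base64
import hashlib

def parse_tags(value: str) -> dict:
    """Parse a DKIM tag=value list (signature header or DNS key record)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def key_query_name(sig: dict) -> str:
    """DNS name whose TXT record holds the signer's public key."""
    return f"{sig['s']}._domainkey.{sig['d']}"

def body_hash(body: bytes) -> str:
    """bh= value for 'simple' body canonicalization with SHA-256."""
    while body.endswith(b"\r\n\r\n"):   # strip trailing empty lines
        body = body[:-2]
    if not body.endswith(b"\r\n"):      # body must end in exactly one CRLF
        body += b"\r\n"
    return base64.b64encode(hashlib.sha256(body).digest()).decode()

def precheck(sig_header: str, key_record: str, body: bytes) -> str:
    """Checks made before the RSA verification of b= (not done here)."""
    sig, key = parse_tags(sig_header), parse_tags(key_record)
    # c= is header/body; a missing body part defaults to "simple"
    body_canon = (sig.get("c", "simple/simple") + "/simple").split("/")[1]
    if sig.get("a") != "rsa-sha256" or body_canon != "simple":
        return "unsupported"
    if not key.get("p"):                # empty p= means the key was revoked
        return "fail: key revoked"
    if sig.get("bh") != body_hash(body):
        return "fail: body hash mismatch"
    return "body hash ok"

# Constructed sample data: domain, selector and key material are placeholders.
BODY = b"Hello,\r\nthis is a test message.\r\n\r\n\r\n"
SIG = ("v=1; a=rsa-sha256; c=simple/simple; d=example.com; s=sel2008;\r\n"
       "  h=from:to:subject; bh=" + body_hash(BODY) + "; b=PLACEHOLDER")
KEY = "v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"

if __name__ == "__main__":
    print(key_query_name(parse_tags(SIG)))
    print(precheck(SIG, KEY, BODY))
    print(precheck(SIG, KEY, BODY + b"extra line\r\n"))
    print(precheck(SIG, "v=DKIM1; k=rsa; p=", BODY))
```

A passing result only shows that the body matches `bh=`; a receiver still has to verify `b=` against the published key before the sender's reputation is consulted.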