October 16, 2008, 6:31 AM — Spammers are hitting Google’s Blogger service hard, using botnets to create hundreds of fake pages. The pages are full of spam ads, obviously, but some also redirect the viewer to a porn or other spam site. In essence, they are using Blogger as a way to avoid being caught by security software and spam filters, knowing that the service is unlikely to ever be blacklisted. The fact that the service has such a huge number of pages overall also helps the spam sites stay undetected longer.
According to Websense, the specially coded instructions the spammers send to their bots tell a compromised PC how to register accounts on the service and also helps it get past the CAPTCHA system. The PC sends a request to an external host that tries to solve the CAPTCHA and sends the answer back to the PC. So far it is estimated to have a success rate of about 13%.
While no one has yet figured out exactly how the CAPTCHA gets solved, some experts believe spammers are paying actual humans in third world countries to solve them. The pay is estimated to be roughly $3 for every successful solution. However, since security researchers have managed to develop methods that help computers increase their success rate, it wouldn’t be surprising if hackers and spammers have also figured out those methods. Read the rest of this story>>
