Rise in Gmail spam indicates more solved CAPTCHAs
Spam originating from Google's
Gmail domain doubled last month, indicating that spammers are still defeating
the CAPTCHA, the distorted text used as a security test to thwart mass registration
of e-mail accounts and other Web site abuse.
Gmail spam went from 1.3 percent of all spam e-mail to 2.6 percent in February,
according to data released by e-mail security vendor MessageLabs
on Monday.
The new statistics are another nail in the coffin for CAPTCHA, which stands
for Completely Automated Public Turing test to tell Computers and Humans Apart.
Google is the latest free Web mail provider to be victimized by spammers' efforts
to create software to solve the codes, or at times, also employ people to solve
the codes en masse.
"It's only a matter of time before [CAPTCHAs] are comprehensively defeated,"
said Paul Wood, senior analyst at MessageLabs.
Last month, security vendor Websense
ascertained that spammers were using two hosts to crack Gmail's CAPTCHAs.
The method appeared to be successful only 20 percent of the time. But if the
procedure is repeated thousands of times, many new accounts can be generated
and used to send spam.
Most of the messages use links and images to advertise adult entertainment
sites, Wood said.
While other spammy domains can simply be blocked by antispam software, businesses
are reluctant to cut off the domains of free Web mail providers because of their
legitimate use, he said. Spam from Web mail providers comprises 4.2 percent
of all spam.
Google's CAPTCHA system is considered hard to crack, but so was Yahoo's, which
is also regularly beaten. MessageLabs said 88.7 percent of the spam from free
Web mail providers comes from Yahoo's domains.
Microsoft's CAPTCHA, used for registering accounts on its Windows Live Mail
service, has also been cracked. Websense believes the same group of spammers
are responsible for breaking both Google and Microsoft's system.
Wood said MessageLabs provides Google as well as other companies with data
that helps fight spam. Google could not be reached for comment.
MessageLabs sells a security service to companies, filtering e-mail before
passing it to their 17,000 customers. Per day, the company snags 2.5 billion
spam messages from a total of more than 3 billion messages.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
