April 24, 2009, 9:28 AM — A Vietnamese security company has detected what it believes is a new worm that thwarts Google's security protections in order to register new dummy Gmail accounts from which to send spam.
Bach Koa Internetwork Security (BKIS) said the worm was discovered earlier this week in one of its honeypots, the term for a computer set up to catch samples of malicious software. BKIS has named the malware "W32.Gaptcha.Worm."
Once a computer is infected with Gaptcha, the worm launches the Internet Explorer browser and goes to Gmail's new account registration page. It begins to fill in random names of fictitious users. When confronted with a CAPTCHA, the worm sends the image to a remote server for processing, wrote Do Manh Dung, senior malware researcher, on the BKIS blog.
A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is the distorted text that a person must solve before a new account can be created. It used to be hard for computers to translate the text, but improvements in OCR (optical character recognition) technology have overcome that barrier. In some cases, spammers are believed to employ people in low-income countries to figure out the CAPTCHA in order to gain new e-mail accounts.
Once a new registration is complete, the account details are then e-mailed to a spammer. After too many account registrations, Google will eventually block the particular computer creating the accounts. The worm then removes itself, Dung wrote.
Google officials contacted in London did not have a comment on the latest worm, but it and other companies that provide free e-mail accounts have been besieged over the last few years by spammers using sophisticated techniques to create fake accounts.
Free e-mail accounts are valuable to spammers. E-mail sent from those accounts has a better chance of making it past antispam filters since it comes a trusted domain, although companies use other methods such as text analysis to pluck out rubbish e-mail.
