Spammers/ phishers looking to get past “turin test” images



A lot of web sites these days use “turin tests” to keep from having automated bots sign up for mail or other services. (Or post entries to a forum or something.) For those that don’t know, a turin test is a test designed to filter machines from people. I doubt I’m the only one that has occasionaly found one of those squiggly letter/number images to be so distorted that I’ve failed the test… Anyway, it seems that there is a new trend in phishing/spamming emails. From incidents.org they’re seeing some mass mailing attempts that seem to be aimed at getting people to identify “Captcha” graphics for them. (A captcha is basically the random number image used in many online turin tests.)


Apparently,

At the moment I am pretty sure that spammers
were using this “trick” to make users solve CAPTCHA graphics for them. In
this case, I believe they were trying to open new accounts on free webmail
www.pochta.ru (that’s a legitimate Russian webmail). When you try to open a
new account on that site (http://www.pochta.ru/regform.php) you will be
presented with a CAPTCHA picture and it’s link will be exactly
http://www12.pochta.ru/rnd_img.php?sid=b7404f329f63328217f3bace053b39e9 (for
example).

Now, pochta.ru uses sid parameter to identify which CAPTCHA image will be
presented. The image itself will be changed (colors and number positions),
but the string that the user has to enter will remain the same. To test this
just enter the URL above in your browser and refresh couple of times – you
will see how it changes.

Therefore, spammers can build a big table of corresponding SID strings
(probably just hashes) and correct answers which enables them to
automatically open new accounts. This maybe even works on other sites if
they use same programs to generate CAPTCHA images.

…. clever, build a database of SID strings so you don’t need to “read” the image, just note the SID string and plug in the “human verified” correct answer.

It kind of reminds me of something I came across recently from Amazon. “Human Intelligence Tasks”, they’re paying small amounts for people to complete “Human Intelligence Tasks”, these tasks are things that cannot be machine completed, but require a person to look. “Identify the best photo of this building” or “identify these automotive parts”, etc. Now, for those of you eager to make quick money, the HIT’s as they call them are most all valued around 3 cents each…. there are lots, so I guess if you could churn through 6 a minute, you could make ~$10.80 an hour (of course on dialup you probably won’t be able to manage 1 every 10 seconds….)

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 19 - What about when you're not on your home network? When you're not at your home network is probably one of those times you should be more on your guard. Wireless access points are very common and a greatly useful thing, but there are some steps you should take to protect yourself, your pc and the data stored there. First......
  • How to Remove Control Center | Control Center Removal Guide Control Center is a Rogue Security application that is designed to scare people into paying for it. It is a scam. All of it's claims about compromised system security are falsified and it really doesn't do anything outside of promote itself. It would be best if you were to avoid......
  • WMF vulnerability advisory update Microsoft has updated their security bulletin on the WMF vulnerability to note a couple things. One, they acknowledge that embedded images within a document can trigger the exploit. Previously they said this needed further investigation. Second, they are seconding what I've been finding that Windows 98 and other pre-XP systems......
Blog Traffic Exchange Related Websites
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site