Spammers/ phishers looking to get past “turin test” images



A lot of web sites these days use “turin tests” to keep from having automated bots sign up for mail or other services. (Or post entries to a forum or something.) For those that don’t know, a turin test is a test designed to filter machines from people. I doubt I’m the only one that has occasionaly found one of those squiggly letter/number images to be so distorted that I’ve failed the test… Anyway, it seems that there is a new trend in phishing/spamming emails. From incidents.org they’re seeing some mass mailing attempts that seem to be aimed at getting people to identify “Captcha” graphics for them. (A captcha is basically the random number image used in many online turin tests.)


Apparently,

At the moment I am pretty sure that spammers
were using this “trick” to make users solve CAPTCHA graphics for them. In
this case, I believe they were trying to open new accounts on free webmail
www.pochta.ru (that’s a legitimate Russian webmail). When you try to open a
new account on that site (http://www.pochta.ru/regform.php) you will be
presented with a CAPTCHA picture and it’s link will be exactly
http://www12.pochta.ru/rnd_img.php?sid=b7404f329f63328217f3bace053b39e9 (for
example).

Now, pochta.ru uses sid parameter to identify which CAPTCHA image will be
presented. The image itself will be changed (colors and number positions),
but the string that the user has to enter will remain the same. To test this
just enter the URL above in your browser and refresh couple of times – you
will see how it changes.

Therefore, spammers can build a big table of corresponding SID strings
(probably just hashes) and correct answers which enables them to
automatically open new accounts. This maybe even works on other sites if
they use same programs to generate CAPTCHA images.

…. clever, build a database of SID strings so you don’t need to “read” the image, just note the SID string and plug in the “human verified” correct answer.

It kind of reminds me of something I came across recently from Amazon. “Human Intelligence Tasks”, they’re paying small amounts for people to complete “Human Intelligence Tasks”, these tasks are things that cannot be machine completed, but require a person to look. “Identify the best photo of this building” or “identify these automotive parts”, etc. Now, for those of you eager to make quick money, the HIT’s as they call them are most all valued around 3 cents each…. there are lots, so I guess if you could churn through 6 a minute, you could make ~$10.80 an hour (of course on dialup you probably won’t be able to manage 1 every 10 seconds….)

Related Posts

Blog Traffic Exchange Related Posts
  • Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
  • Windows XP on Qemu roundup So here's the sumup of my (now working and with plenty of free space) Windows XP install within QEMU. Well, for starters the XP disc I had was an upgrade disc and as I noted before it did not like the media I provided as proof of upgradability. So, I......
  • How to Remove Win Security 360 | Win Security 360 Removal Guide Win Security 360 is a rogue antivirus application that is promoted through the use of trojans and other malware as well as sites that claim to do malware scans of your computer. Among the things that it will do is schedule itself to run when the system boots and it......
Blog Traffic Exchange Related Websites
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site