A lot of web sites these days use “turin tests” to keep from having automated bots sign up for mail or other services. (Or post entries to a forum or something.) For those that don’t know, a turin test is a test designed to filter machines from people. I doubt I’m the only one that has occasionaly found one of those squiggly letter/number images to be so distorted that I’ve failed the test… Anyway, it seems that there is a new trend in phishing/spamming emails. From incidents.org they’re seeing some mass mailing attempts that seem to be aimed at getting people to identify “Captcha” graphics for them. (A captcha is basically the random number image used in many online turin tests.)
At the moment I am pretty sure that spammers
were using this “trick” to make users solve CAPTCHA graphics for them. In
this case, I believe they were trying to open new accounts on free webmail
www.pochta.ru (that’s a legitimate Russian webmail). When you try to open a
new account on that site (http://www.pochta.ru/regform.php) you will be
presented with a CAPTCHA picture and it’s link will be exactly
Now, pochta.ru uses sid parameter to identify which CAPTCHA image will be
presented. The image itself will be changed (colors and number positions),
but the string that the user has to enter will remain the same. To test this
just enter the URL above in your browser and refresh couple of times – you
will see how it changes.
Therefore, spammers can build a big table of corresponding SID strings
(probably just hashes) and correct answers which enables them to
automatically open new accounts. This maybe even works on other sites if
they use same programs to generate CAPTCHA images.
…. clever, build a database of SID strings so you don’t need to “read” the image, just note the SID string and plug in the “human verified” correct answer.
It kind of reminds me of something I came across recently from Amazon. “Human Intelligence Tasks”, they’re paying small amounts for people to complete “Human Intelligence Tasks”, these tasks are things that cannot be machine completed, but require a person to look. “Identify the best photo of this building” or “identify these automotive parts”, etc. Now, for those of you eager to make quick money, the HIT’s as they call them are most all valued around 3 cents each…. there are lots, so I guess if you could churn through 6 a minute, you could make ~$10.80 an hour (of course on dialup you probably won’t be able to manage 1 every 10 seconds….)
Related PostsRelated Posts
- Firefox 220.127.116.11 out.... I haven't seen news to this yet, just found it on Mozilla.com, but the 18.104.22.168 release of firefox seems to have been released sometime today. (22.214.171.124 of Thunderbird was announced earlier today.) I don't know how quick Google is at directing to the new version of firefox, but I'll include......
- Windows XP on Qemu roundup So here's the sumup of my (now working and with plenty of free space) Windows XP install within QEMU. Well, for starters the XP disc I had was an upgrade disc and as I noted before it did not like the media I provided as proof of upgradability. So, I......
- Windows more secure than Linux? For the last week, I've seen various headlines referring to a report from US-CERT that indicated 2005 had 5,198 security flaws reported. Out of those 2,328 were reported for Linux/Unix, 812 for Windows and 2,058 affecting more than one operating system. Now, I'm seeing all sorts of headlines about how......
- Introduction to Photo Blogging Photo blogs, which are also commonly referred to as photologs or phlogs, are great examples of the tendency for people to keep connected to one another at all times, as well as to share as much information as is possible with people who are virtually strangers to them. Photo blogging,......
- Facebook List Messages - 2011's Powerful Alternative to Email Marketing Strikes Hard, and is more than just Effective. [/caption] Internet Marketing Strategies, particularly Email Marketing, have seen an overhaul of sorts this past year. Rising standards in Anti-Spam Compliance Regulations have forced most email service providers like Aweber, MailChimp and iContact to reevaluate their levels of "leniency" towards unsubscribe rates and spam complaints, and enforce stricter monitoring......
- The Opposite of Successful Blogging There is an opposite to successful blogging, which is blogging that drives your readers in the wrong direction. Take a look at this list of things that you can do to drive readers away so that you will have a better understanding of what you need to do in order......
- Approaches to beating form spam submission
- Disappointing trend for online banking sites
- Nugache the latest in bot-net technology… and why you should care about botnets…
- More XBox 360 news
- Developers meet Marketing – Marketing developers….