Intelligent Spammer<br><br><a href='http://news.com.com/2100-1023_3-5207290.html?tag=nefd.top' target='_blank'>http://news.com.com/2100-1023_3-5207290.html?tag=nefd.top</a><br><br>Porn gets spammers past Hotmail, Yahoo barriers<br>Last modified: May 6, 2004, 11:23 AM PDT<br>By Munir Kotadia<br>Special to CNET News.com<br><br>By offering free porn, spammers are using Internet surfers to bypass a security protection designed to stop bot software from automatically opening Web mail accounts.<br><br>Free Web mail services such as Hotmail and Yahoo are often used by spammers to send unsolicited e-mails. But because of the sheer quantity of e-mail sent, spammers require thousands of accounts and employ Web bots to automatically open them.<br><br>To combat this automation, Web mail companies started using the Captcha test (Completely Automated Public Test to tell Humans and Computers Apart), which creates a graphically distorted representation of a simple word that can easily be read by a human but not by a machine. The word is often written in an unusual font and presented on a patterned background to further confuse the bots.<br><br>To open an e-mail account, the applicant is asked to read the word in the Captcha graphic and type it into an application form. Because the disguised word is virtually impossible for a computer to read, spammers need a human to intervene, which ruins their automation process.<br><br>However, as first noted in the Boing Boing blog earlier this year, some spammers have found an ingenious way to bypass the Captcha protection.<br><br>First, the spammers open and advertise a Web site containing pornography. Visitors to the porn site are asked to enter the word contained in a Captcha graphic before they are granted access.
<br><br>In the background, spammers have already used scripts to automate the Web mail accounts opening process to the point where they need a human to "read" the Captcha graphics. The Captcha graphics from the Web mail site are transferred to the porn site, where the porn consumers interpret the Captcha words. As soon as they enter the correct word, the script can complete its application process and the visitors are rewarded with free porn.<br><br>Simon Perry, vice president of security at Computer Associates International, said security is always a "moving target," and as soon as a company like MSN uses a new technology to secure a product or service, it is only a matter of time before it will be bypassed.<br><br>"Each little improvement makes it a little bit more difficult for the spammers. This is an exercise in continually moving up the bar," he said.<br><br>According to Perry, the only way to make a real difference is to combine technology with legislation and enforce that legislation. However, he said that even though spammers may have found a way past the Captcha, it is still slowing them down.<br><br>"Before the Captcha, those bots could open a million Hotmail accounts a day, but now, if they can attract 10,000 people to their free porn site, they can set up 10,000 accounts, which is a lot but still an order of magnitude less," Perry said.<br><br>Neither Microsoft's Hotmail nor Yahoo would comment on the issue.<br>