Jump to content


Photo

Websense: Google CAPTCHA busted... recent spam tactics


  • Please log in to reply
6 replies to this topic

#1 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 25 February 2008 - 03:45 PM

FYI...

- http://www.websense.....php?BlogID=174
Feb 22 2008 - "Websense Security Labs has discovered that Google’s popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to created bots that are capable of signing up and creating random Gmail accounts for spamming purposes. Websense believes that from the spammers’ perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide portfolio of services. Second, Google’s domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis... Websense believes that these accounts could be used by spammers at any time for abusing Google’s infrastructure. A wide range of attacks could be possible as the same account credentials can be used to target various services offered by Google... It is observed that at this stage bots (or bot-infected machines) are trying to sign up as many accounts as possible with Gmail mail services. One of the main concerns here is attacking CAPTCHA. Unfortunately, spammers seem to have success with it. The bot is signing up an account feeding all the prerequisites or input data that goes into the signup page and successfully creating a mail account. Considering the normal / routine process involved in signing up a web mail account (Gmail), CAPTCHA authentication is a must for a successful signup. Since a bot is creating an account successfully, it is obvious that CAPTCHA is broken...Unlike Live Mail CAPTCHA breaking*, which involved just one botted host doing the entire job (signing up, filling in details, getting the CAPTCHA request), the Gmail signing process involves two botted hosts (or CAPTCHA breaking hosts)..."
* http://www.websense.....php?BlogID=171

(Screenshots available at both URL's above.)

:techsupport:

Edited by apluswebmaster, 25 February 2008 - 06:57 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#2 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 25 February 2008 - 06:28 PM

Also see:

http://spamtrackers....ooglepages_Spam
http://rss.uribl.com...epages_com.html
http://rss.uribl.com...ogspot_com.html

(Hat tip to brewt at CastleCops.)

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#3 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 26 February 2008 - 01:47 PM

FYI...

Orkut Scraps Propagating Malicious Code
> http://forums.spywar...=...st&p=619260


:grrr: :ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#4 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 11 March 2008 - 10:26 AM

FYI...

- http://www.infoworld...st-month_1.html
Mar 11, 2008 - "Spam originating from Google's Gmail domain doubled last month, indicating that spammers are still defeating the CAPTCHA , the distorted text used as a security test to thwart mass registration of e-mail accounts and other Web site abuse. Gmail spam went from 1.3 percent of all spam e-mail to 2.6 percent in February, according to data released by e-mail security vendor MessageLabs on Monday. The new statistics are another nail in the coffin for CAPTCHA..."

:techsupport:

Edited by apluswebmaster, 11 March 2008 - 10:35 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#5 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 11 April 2008 - 05:13 AM

FYI...

Gmail/Yahoo!Mail - botnet SPAM thru compromised webmail
- http://www.theregist...mail_throttled/
10 April 2008 - "The growing abuse of webmail services to send spam has led anti-spam services to throttle messages from Gmail and Yahoo! Over recent months security firms have reported that the Windows Live CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by Hotmail, and the equivalent system at Gmail, have been broken by automated attacks... Anti-spam filtering services such as MessageLabs have responded by throttling or slowing down the connection. "We're seeing more spam coming from Gmail and Yahoo!. Where a service is widely abused its reputation goes down and it's held back in the queue. This happens automatically," explained MessageLabs security analyst Paul Wood. The approach, one stage in a multi-stage scanning and filtering process, is designed to make life difficult for spammers using botnets to send spam through compromised webmail accounts... The proportion of spam from Gmail increased two-fold from 1.3 per cent in January to 2.6 per cent in February, most of which spamvertised skin-flick websites. Yahoo! Mail was the most abused web mail service, responsible for sending 88.7 per cent of all web mail-based spam..."

:ph34r:
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#6 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 25 August 2008 - 06:24 AM

FYI...

Google / Yahoo SPAM_A_LOT accounts...
- http://voices.washin...ng_anti-sp.html
August 25, 2008 - "...new accounts, of course, are not logged yet by anti-spam filters, so they give spammers a new platform to deliver their garbage. Also, Google's or Yahoo's domains are unlikely to be blacklisted by anti-spam groups... The main anti-captcha.com service is something of a fixed-price menu: They charge $1 for every 1,000 CAPTCHAs you send. But the site also features an la carte menu, selling new and used Gmail and Yahoo Web mail accounts in bulk. Currently offered are packages for 1,000, 10,000 and even 100,000 accounts at a time. Anti-captcha.com is selling 1,000 new Gmail accounts for $8, 10,000 Gmail accounts for $64, and 50,000 pristine Gmail inboxes for $280. Some 100,000 used Yahoo! mail accounts can be had for $150 to $200."

//
.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

#7 AplusWebMaster

AplusWebMaster

    AplusWebMaster

  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 08 September 2008 - 09:35 AM

FYI...

Email, Web, and Web 2.0 Blended Attacks
- http://securitylabs....Blogs/3176.aspx
09.08.2008 - "...For the spammers, the entire attack strategy always includes more than registering email accounts using Anti-CAPTCHA operations, sending mass emails over the Internet, infecting thousands of user machines, and stealing information. It also involves switching the attack strategy with a mindset of targeting both Email and Web space using a combination of different tactics, which could be manual as well as automated, to carry out various attacks... The spammers are now using such operations for a variety of social-engineering attacks, a trend that has been increasingly common with various popular Web 2.0 sites... spammers are observed to be using Google’s well-known blog publishing system, Blogger, for posting random comments to blogs, wikis, guestbooks, or other publicly accessible online discussion boards for promoting their products and services, adware installations, and malware infections for stealing information... Spammers create such splogs using machine-generated or hijacked content with the aim of targeting unsuspecting users. Also, observe that spammers also include links in their splogs referring to legitimate sites in order to trick users... Once the blog owners are victimized with such tactics, the spammers' next phase is to target the blog owner’s email address with mass emails to carry out different attacks..."
(Screenshots available at the URL above.)

Google Apps...
- http://web.nvd.nist....d=CVE-2008-3891
Last revised:09/05/2008

:!:

Edited by apluswebmaster, 08 September 2008 - 09:53 AM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.




Member of UNITE
Support SpywareInfo Forum - click the button