It appears that spammers have found a way of automatically creating Hotmail and Yahoo email accounts, having already created more than 15,000 bogus Hotmail accounts, according to security company BitDefender.
Both Microsoft and Yahoo use CAPTCHA systems to stop email accounts from being automatically generated; an account isn’t created until the new user correctly identifies letters depicted in an image. CAPTCHA systems are designed to ensure that the letters are not easily recognized by machines.
BitDefender says that a new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft’s and Yahoo’s CAPTCHA systems.
According to BitDefender, every active copy of the Trojan accesses an email account, then pulls encrypted spam e-mails from a website, decrypts them and sends them to presumably valid addresses taken from yet another website.
The spam e-mail currently being distributed is trying to lead users to a site that advertises pharmacy products. Common spammer techniques are used in the e-mail body, such as Bayesian poisoning and a random e-mail subject.
“There are only about 500 or so new accounts being created every hour,” said Viorel Canja, the head of the BitDefender Antivirus Lab.
“But still, we’ve seen 15,000+ Hotmail accounts being used so far. It’s hard to estimate how many spam e-mails have already been sent.”
BitDefender claims to be the first security company to detect Trojan.Spammer.HotLan.A and add a signature.