Spammers overcome Hotmail and Yahoo CAPTCHA systems
By John Pospisil
It appears that spammers have found a way of automatically creating Hotmail and Yahoo email accounts, having already created more than 15,000 bogus Hotmail accounts, according to security company BitDefender.
Both Microsoft and Yahoo use “captcha” systems to stop email accounts from being automatically generated; accounts aren’t created until a new user correctly identifies letters depicted in an image. CAPTCHA systems are designed to ensure that the letters are not easily recognized by machines.
BitDefender says that a new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft’s and Yahoo’s CAPTCHA systems.
According to BitDefender, every active copy of the Trojan accesses an email account, then pulls encrypted spam e-mails from a website, decrypts them and sends them to presumably valid addresses taken from yet another website.
The spam e-mail currently being distributed is trying to lead users to a site that advertises pharmacy products. Common spammer techniques are used in the e-mail body, such as bayesian poisoning and a random e-mail subject.
“There are only about 500 or so new accounts being created every hour,” said Viorel Canja, the head of the BitDefender Antivirus Lab.
“But still, we’ve seen 15,000+ Hotmail accounts being used so far. It’s hard to estimate how many spam e-mails have already been sent.”
BitDefender claims to be the first security company to detect Trojan.Spammer.HotLan.A and add a signature.
Related:
Entry was posted
on Sunday, July 8th, 2007 at 11:30 am
under 
Print This Post
Read more entries by John Pospisil.
Stumble It!
July 9th, 2007
If only these spammers turned their attention to something constructive … it seems their talents are really being misused…
July 9th, 2007
Spamming sucks :(
July 9th, 2007
Darwinism principles apply to all things, including an I.T ecosystem.
July 9th, 2007
Frankly, it doesn’t matter what people are thinking for alternatives, the problem is that someone is paying these people money to shovel this crap down everyones throats, and until you remove the financial incentives, the problem will never cease.
Spamming does suck but there doesn’t seem to be any real concern by the Fed’s who are rather complacent to the issue. Sure they passed a few *token* laws but those are just to show people that they care when they really might themselves be somehow involved in it as a means of supplementing their incomes under the table.
At least this is sure what it looks like on the outside. IMHO
July 9th, 2007
Yes, the spammers are evolving. What will natures response be?
July 9th, 2007
Most spam originates from America, how about some more active policy against it, consider it as a crime.
July 9th, 2007
Has anyone tried ReCaptcha.net?
July 9th, 2007
If you do some digging you’ll see that several spammers are selling auto-generated Hotmail, Yahoo and AOL accounts to anyone willing to pay for them. They also mention having hired people to pass the captcha for them. This was back around October 2006. The new “rage” in spamming appears to be what are referred to as “internal” mailers, i.e.: create an account on Hotmail, for use in spam-runs against Hotmail accounts. It bypasses more filters and is sent almost immediately, which is not what Hotmail would do with any external email domain.
Why Hotmail, Yahoo, et al, wouldn’t already know this is beyond me. They should have had some kind of blocking in place for this type of automated account creation months ago.
SiL / IKS / concerned citizen
July 9th, 2007
I believe way it works is as follows. They start creating an account, and parse the HTML page generated by Hotmail/Yahoo registration systems to get the image they are supposed to identify.
Then they post that same image to someone else interested in downloading pirated content from the web.
Finally they re-route the human input answer to email registration engine.
I understand that’s how an innovative OCR engine really works, distribute the OCR work among thousands of unwilling humans.
July 9th, 2007
My mailbox (postal, not email) gets stuffed everyday. Have we ever gotten around that problem yet? There are even laws allowing people to spam you with snail mail. Everytime you throw a paper into the trash, you are directly contributing to deforestation and global warming. I think compared to that, spamming is just a minor inconvenience that we can cope with (of course with the help of smarter junk mail filters).
July 11th, 2007
Hello,
We are tired receiving spam. Is tthere any authority where to send the spammer details and have to stop them one by one?? I think that jail is not enough and have them count sahar sand grains should be better.
Thanks to give me an answer regarding the authorities concerned.
Denis
December 9th, 2008
[url=http://www.accountol.com] wow accounts[/url]
February 11th, 2009
From: Microsoft Online Customer Service [mailto:CNTUS.PRCS.NA.00.EN.TRA.BGL.CS.T01.CUS.00.WB@css.one.microsoft.com]
Sent: Tuesday, February 10, 2009 6:01 PM
To: Richard
Subject: RE: SRX1093265825ID - spammer from hotmail
Hello Richard,
Thank you for contacting Microsoft Customer Service.
I understand from your e-mail that you receive more than 100 e-mails per day from the same person and you would like to stop it. I know how annoying this can be.
I recommend that you contact your e-mail domain support team, who will be in a better position to resolve the issue soon.
I hope the issue will be resolved soon.
Thank you,
Satish
Microsoft Customer Service Representative