Spammers overcome Hotmail and Yahoo CAPTCHA systems

July 8, 2007

Spammers overcome Hotmail and Yahoo CAPTCHA systems It appears that spammers have found a way of automatically creating Hotmail and Yahoo email accounts, having already created more than 15,000 bogus Hotmail accounts, according to security company BitDefender.

Both Microsoft and Yahoo use “captcha” systems to stop email accounts from being automatically generated; accounts aren’t created until a new user correctly identifies letters depicted in an image. CAPTCHA systems are designed to ensure that the letters are not easily recognized by machines.

BitDefender says that a new threat, dubbed Trojan.Spammer.HotLan.A, is using automatically generated Yahoo and Hotmail accounts to send out spam email, which suggests that spammers have found a way to overcome Microsoft’s and Yahoo’s CAPTCHA systems.

According to BitDefender, every active copy of the Trojan accesses an email account, then pulls encrypted spam e-mails from a website, decrypts them and sends them to presumably valid addresses taken from yet another website.

The spam e-mail currently being distributed is trying to lead users to a site that advertises pharmacy products. Common spammer techniques are used in the e-mail body, such as bayesian poisoning and a random e-mail subject.

“There are only about 500 or so new accounts being created every hour,” said Viorel Canja, the head of the BitDefender Antivirus Lab.

“But still, we’ve seen 15,000+ Hotmail accounts being used so far. It’s hard to estimate how many spam e-mails have already been sent.”

BitDefender claims to be the first security company to detect Trojan.Spammer.HotLan.A and add a signature.

Be Sociable, Share!

15 Responses to “Spammers overcome Hotmail and Yahoo CAPTCHA systems”

  1. Dismayed:

    If only these spammers turned their attention to something constructive … it seems their talents are really being misused…

  2. smee:

    Spamming sucks :(

  3. Rossco -

    Darwinism principles apply to all things, including an I.T ecosystem.

  4. Jkline:

    Frankly, it doesn’t matter what people are thinking for alternatives, the problem is that someone is paying these people money to shovel this crap down everyones throats, and until you remove the financial incentives, the problem will never cease.

    Spamming does suck but there doesn’t seem to be any real concern by the Fed’s who are rather complacent to the issue. Sure they passed a few *token* laws but those are just to show people that they care when they really might themselves be somehow involved in it as a means of supplementing their incomes under the table.

    At least this is sure what it looks like on the outside. IMHO

  5. Darwin:

    Yes, the spammers are evolving. What will natures response be?

  6. Peter Boos:

    Most spam originates from America, how about some more active policy against it, consider it as a crime.

  7. Dimitris:

    Has anyone tried

  8. SiL:

    If you do some digging you’ll see that several spammers are selling auto-generated Hotmail, Yahoo and AOL accounts to anyone willing to pay for them. They also mention having hired people to pass the captcha for them. This was back around October 2006. The new “rage” in spamming appears to be what are referred to as “internal” mailers, i.e.: create an account on Hotmail, for use in spam-runs against Hotmail accounts. It bypasses more filters and is sent almost immediately, which is not what Hotmail would do with any external email domain.

    Why Hotmail, Yahoo, et al, wouldn’t already know this is beyond me. They should have had some kind of blocking in place for this type of automated account creation months ago.

    SiL / IKS / concerned citizen

  9. Omar Valerio:

    I believe way it works is as follows. They start creating an account, and parse the HTML page generated by Hotmail/Yahoo registration systems to get the image they are supposed to identify.

    Then they post that same image to someone else interested in downloading pirated content from the web.

    Finally they re-route the human input answer to email registration engine.

    I understand that’s how an innovative OCR engine really works, distribute the OCR work among thousands of unwilling humans.

  10. Chi Chi:

    My mailbox (postal, not email) gets stuffed everyday. Have we ever gotten around that problem yet? There are even laws allowing people to spam you with snail mail. Everytime you throw a paper into the trash, you are directly contributing to deforestation and global warming. I think compared to that, spamming is just a minor inconvenience that we can cope with (of course with the help of smarter junk mail filters).

  11. Denis:


    We are tired receiving spam. Is tthere any authority where to send the spammer details and have to stop them one by one?? I think that jail is not enough and have them count sahar sand grains should be better.

    Thanks to give me an answer regarding the authorities concerned.


  12. lanlan00:

    [url=] wow accounts[/url]

  13. Richard:

    From: Microsoft Online Customer Service []
    Sent: Tuesday, February 10, 2009 6:01 PM
    To: Richard
    Subject: RE: SRX1093265825ID – spammer from hotmail

    Hello Richard,

    Thank you for contacting Microsoft Customer Service.

    I understand from your e-mail that you receive more than 100 e-mails per day from the same person and you would like to stop it. I know how annoying this can be.

    I recommend that you contact your e-mail domain support team, who will be in a better position to resolve the issue soon.

    I hope the issue will be resolved soon.

    Thank you,

    Microsoft Customer Service Representative

  14. mrs joy abali:

    PLOT 102 RUE 12 KOUMASSI 32

    My Dear,
    It’s my pleasure to contact you for a business venture which I and my Son,intend to establish in your country. Though I have not met with you before but I believe,one has to risk confiding in someone to succeed sometimes in life.

    There is this huge amount of Seven Million U.S dollar ($7,000,000.00) which my late Husband kept for us in a security house here in Abidjan, Cote d’Ivoire before he was assasinated by unknown persons. Now i and my son have decided to invest this money in your country or anywhere safe enough outside Africa for security and political reasons.

    We want you to help us to transfer this fund to your country for investment purposes on the followings below:
    1). Estate Industry
    2). Hotel Industry

    If you can be of an assistance to us we will be pleased to offer to you 15% Of the total fund on our arrival to your country.
    I await your soonest response. Extend my warmest regards to your entire family.
    Thank you and God bless you.
    Sincerely yours,
    PLOT 102 RUE 12 KOUMASSI 32

  15. geoge:


Leave a Reply:

Recent stories

Featured stories

RSS Windows news

RSS Mac news

RSS iPad news

RSS iPhone & Touch

RSS Mobile technology news

RSS Tablet computer news

RSS Buying guides

RSS PS3/Wii/Xbox 360

RSS Green technology

RSS Photography

Featured Content


Copyright © 2014 NS