EmailSafety.net - Spammers ramp up siege on Google's Blogger via bots

Spammers ramp up siege on Google's Blogger via bots

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Spammers are using an automated method to create bogus pages on Google's Blogger service, again highlighting the diminishing effectiveness of a security system intended to stop mass account registrations, according to security vendor Websense.

The spammers are sending coded instructions to PCs in their botnets, or networks of computers that have been infected with malicious software, wrote Sumeet Prasad, a threat analyst, on Websense's blog.

Those sophisticated instructions tell PCs how to register a free account on Blogger. The spammers also figured out a way to solve the CAPTCHA (Completely Automated Public Turing test to Tell Computers and Humans Apart), the warped text that has to be deciphered in order to complete an account registration.

The compromised PC sends a request to an external host that tries to solve the CAPTCHA and then sends the answer back to the PC. Websense estimates the process has an 8 to 13 percent success rate.

Want to compare security products? Visit the IT Buyer's Guides now.

It's unknown how exactly the CAPTCHA gets solved. It's been theorized the process has been outsourced to real humans who get paid for every one deciphered. But researchers have successfully developed methods that enable computers to increase their success rate at solving the puzzles, indicating that hackers have also figured out how to do it.

Security vendors and researchers have seen a rapid rise in accounts used for spam on free e-mail services from Microsoft, Yahoo and Google, indicating current CAPTCHA technology has reached the end its usefulness.

In this case, the Blogger pages created by the spammers are then used to promote the usual line of spammer goods. But many of those sites are rigged with JavaScript that redirects the browser to another spammy Web site.

"Spammers include these redirecting accounts in different spam campaigns rather than including their actual spam domains," Prasad wrote. "Spammers use this tactic to defeat a range of antispam services."

In effect, they're using Google's Blogger domain as a shield, as it's unlikely to be blocked by other security software products for being a suspicious domain.

1 | 2 | Next >

The IDG News Service is a Network World affiliate.

Recent News:

· McColo takedown: Vigilantism or Neighborhood Watch?
· Spam drop could boost Trojan attacks
· Hosting firm shutdown forces botnets to relocate
· ISP cut off from Internet after security concerns
· Spam plummets after hosting service shuttered

Site Map | Recent News | Related Sites