|
SPAMMERS have been defeating Google’s anti-spam Captcha mechanisms during February, doubling the volume of spam generated out of the Gmail service during the month, according security specialist MessageLabs.
The MessageLabs Intelligence Report for February found the proportion of spam generated by Gmail had increased two-fold from 1.3 per cent January to 2.6 per cent last month – mainly promoting adult-oriented websites.
The report found that 4.6 per cent of all spam is generated through Web mail services. By far the most abused service is Yahoo! Mail, which accounts for 88 per cent of all Web mail-based spam.
Hackers have relied on new techniques for evading spam detection which involves computationally solving anti-spam Captcha’s, mechanisms designed to eliminate automated sign-up tools used by spammers by requiring the user to perform a task that can only be done by a human.
Once hackers develop a computational method with a 20-30 percent success rate they can use botnets to create unlimited numbers of accounts on compromised services. Yahoo! Mail and Hotmail Captcha’s were first broken last July, and the increase in spam from Gmail this month might be indicative of similar success.
“There are several approaches a spammer can take to defeat a CAPTCHA,” said MessageLabs chief security analyst Mark Sunner.
“Whether they do so using an algorithm, a ‘mechanical turk’ or combination of the two, email providers are feeling the pressure to keep pace but are limited to what a human can realistically solve creating ever more doubt surrounding the long-term effectiveness of the CAPTCHA as a security mechanism for protecting email services from abuse,” Mr Sunner said.
|
