Custom Search

February 27, 2008

Google’s CAPTCHA busted in recent spammer tactics

Google's CAPTCHA busted in recent spammer tactics

Feb 22 2008 4:52PM


Websense Security Labs has discovered that Google's popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to created bots that are capable of signing up and creating random Gmail accounts for spamming purposes.

Websense believes that from the spammers' perspective, there are four main advantages to this approach. First, signing up for an account with Google allows access to its wide portfolio of services. Second, Google's domains are unlikely to be blacklisted. Third, they are free to sign up. And fourth, it may be hard to keep track of them as millions of users worldwide are using various Google services on a regular basis.

Gmail, called Google Mail in Germany, Austria and the United Kingdom, is a free Web-based email (webmail), POP3 and IMAP e-mail service provided by Google. It was released on April 1, 2004 as a private beta release by invitation only and was opened to all as a public beta on February 7, 2007. With an initial storage capacity of 1 GB, it dramatically increased the standard for free storage.

Gmail currently offers over 6000 MB of free storage with an additional 10 GB available for US$20 per year. Gmail is well-known for its simplicity and flexibility, its user-friendly design; and has tens of millions of users globally.

Screenshots showing Gmail accounts being signed on compromised machines:

Your browser may not support display of this image. 

Screenshots showing the spammer accounts created: 

Your browser may not support display of this image. 

Websense believes that these accounts could be used by spammers at any time for abusing Google's infrastructure. A wide range of attacks could be possible as the same account credentials can be used to target various services offered by Google.

Read more.....

No comments: