Microsoft Windows Live Mail's CAPTCHA defense falls to spam bots

Summary: Microsoft's Windows Live Mail is being targeted by spammers adept at eluding CAPTCHA protection, according to Websense. According to Websense, spammers have created bots that are capable of creating random Live Mail accounts and then using them to launch attacks.

Microsoft's Windows Live Mail is being targeted by spammers adept at eluding CAPTCHA protection, according to Websense.

According to Websense, spammers have created bots that are capable of creating random Live Mail accounts and then using them to launch attacks. In other words, the CAPTCHA defense doesn't work. A CAPTCHA is a program that protects websites against bots by generating tests that humans can pass but current computer programs allegedly can't.

In its blog, Websense says the whole bot-as-email-account process is automated. For instance, Jay's email account to the right was created by a bot. Websense added:

Websense believes that there are three main advantages to this approach for the spammers. First, the Microsoft domain is unlikely to be blacklisted. Second, they are free to sign up. And third, it may be hard to keep track of them as there are millions of users worldwide using the service.

Here's how the bot works:

1. The bot goes to the Live Mail registration page and fills out the form fields (just as you would do) with random data.

2. When the CAPTCHA verification comes up, the bot sends the image to its breaking service.

3. The bot gets the answer and plugs it in.

4. Now spammers add a few gazillion accounts for malicious endeavors.

5. The spam barrage ensues. Here's an image courtesy of Websense, which features a lot more on its blog.


Websense estimates that about 30 percent to 35 percent of these CAPTCHA killing attempts work. Websense has the screenshot walk-through. It's a fascinating--and totally evil--bot. Websense also reckons that these attacks could extend to other Live services including Messenger and online storage.
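A success rate in that range also means roughly two of every three automated attempts fail, which is something a registration service can look for. The sketch below is an added example, not code from Websense, Microsoft or this article: it flags sign-up sources whose CAPTCHA pass rate is confidently below a human baseline. The log format, source names, sample data and both thresholds are assumptions made up for illustration.

```python
import math
from collections import defaultdict

def make_sample():
    """Constructed sign-up log: one (source_id, captcha_passed) pair per attempt."""
    events = []
    # net-A: 200 attempts, 66 passes (33%, inside the band Websense reports)
    events += [("net-A", i < 66) for i in range(200)]
    # net-B: a household with a few typos, 3 attempts, 2 passes
    events += [("net-B", True), ("net-B", False), ("net-B", True)]
    # net-C: a busy shared gateway, 120 attempts, 108 passes (90%)
    events += [("net-C", i < 108) for i in range(120)]
    # net-D: one person failing three times in a row
    events += [("net-D", False)] * 3
    return events

def wilson_upper(passes, total, z=1.96):
    """Upper bound of the 95% Wilson score interval for a pass rate."""
    if total == 0:
        return 1.0  # no evidence, so assume the best case
    p = passes / total
    denom = 1 + z * z / total
    centre = p + z * z / (2 * total)
    margin = z * math.sqrt(p * (1 - p) / total + z * z / (4 * total * total))
    return (centre + margin) / denom

def flag_sources(events, human_floor=0.80, min_attempts=20):
    """Return {source: (passes, total, upper_bound)} for suspicious sources.

    human_floor and min_attempts are assumed values; tune them on real data.
    A source is flagged only when it has enough attempts AND even the
    optimistic end of its pass-rate interval sits below the human floor.
    """
    counts = defaultdict(lambda: [0, 0])  # source -> [passes, total]
    for source, passed in events:
        counts[source][1] += 1
        if passed:
            counts[source][0] += 1
    flagged = {}
    for source, (passes, total) in counts.items():
        upper = wilson_upper(passes, total)
        if total >= min_attempts and upper < human_floor:
            flagged[source] = (passes, total, round(upper, 3))
    return flagged

if __name__ == "__main__":
    for source, stats in flag_sources(make_sample()).items():
        print(source, stats)
```

Using the interval's upper bound rather than the raw rate keeps low-volume sources such as net-B and net-D from being flagged on a handful of mistyped answers.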


About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
