"Spammers are once again targeting Microsoft's Hotmail (Live Hotmail) services. We have discovered that spammers, in a recent aggressive move, have managed to create automated bots that can sign up for and create random Hotmail accounts, defeating Microsoft's latest, revised CAPTCHA system. The accounts are then used to send mass-mailings.
10% to 15% recognition rate or "one in every 8 to 10 attempts to sign up for a Live Hotmail account is successful" as stated by Websense, is a bit of a modest success rate given that the academic community has managed to achieve 92% recognition rate in the past. But with hundreds of thousands of malware infected hosts, it appears that they are willing to allocate resources despite the modest success rate, and are actively spamming through the newly registered bogus email accounts.
Is machine learning CAPTCHA breaking the tactic of choice, or is the recently uncovered CAPTCHA solving economy the outsourcing model cost-effective enough to undermine the machine learning approach? With low-waged humans achieving a 100% recognition rate and processing "bogus account registration" orders, it may in fact be more cost-effective for a cybercriminal to outsource the process, than allocating personal resources and achieving a lower success rate. One thing's for sure - CAPTCHA based authentication has been persistently under attack from all fronts, during the entire 2008.