Creative Ways Spammers Get Past CAPTCHA

Many blogs and websites use CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) systems to help weed out spam comments. Spam comments are sent by bots, and CAPTCHA systems are designed to test whether a comment comes from a human or a bot.


So how are spammers trying to get around it? They are using creative ways to trick humans into solving the CAPTCHA riddles:

In the new scam, an icon of an alluring woman suddenly appears on a Windows computer infected by a virus. After clicking on the icon, the user sees a photo of an attractive woman who vows to take off an article of clothing each time the jumble of figures next to her is entered.

But the woman never fully undresses, and after several passwords are entered the program restarts, possibly enticing unsuspecting users into trying again. . . .

Paul Ferguson, network architect at Trend Micro, speculated that spammers might be using the results to write a program to automatically bypass CAPTCHA systems.

“I have to hand it to them,” Ferguson said, laughing. “The social engineering aspect here is pretty clever.”

