Spammers outwit Google's captchas
Spammers have apparently partly managed to get around Google's protection against automatic scripts creating Google e-mail accounts. According to e-mail service provider MessageLabs, the captcha detection rate of new spamming tools is between 20 and 30 per cent. At that rate, a sufficient number of spamming accounts can be created to make the exercise worthwhile.
The share of spam e-mail with Google source addresses has increased from 1.3 per cent to 2.6 per cent of the total volume. Google e-mail accounts are probably popular among spammers because the domains are not included in any blacklists. MessageLabs says that Yahoo! addresses lead the way with almost 90 per cent.
It is not clear how spammers have increased the Google captcha detection rate. In mid February, security service provider Websense pointed out the problem but only outlined the technique in its analysis. Two spambots are involved in "captcha breaking", each of which probably uses a different detection function. At the beginning of February, Webesense reported that spammers had cracked the captchas used at Microsoft Live Mail.
- Spammers defeat Google CAPTCHA mechanisms, report at MessageLabs
- Google’s CAPTCHA busted in recent spammer tactics, analysis by Websense