Trojan tricks users into reading captchas
Trend Micro and Panda Software report a trojan that persuades users to read captchas (Completely Automated Public Turing Test to Tell Computers and Humans Apart). The trojan, known as RompeCaptchas.A, Captchar or Captcha Breaker, uses its victims as human character-recognition routines and can thus operate without intricate OCR of its own, which would require considerable computing power. The trojan communicates with a malicious server that also connects to a selected legitimate site that uses captchas, in this case Yahoo. The server relays the protective captchas issued by Yahoo to the trojan, which in turn presents them to the user. The user's responses are passed back to the server, which uses them to create Yahoo mail accounts for spamming purposes.
To camouflage their malicious activities, the programmers of Captcha Breaker lead users to believe they are accessing a striptease programme in which each piece of clothing is taken off only after a particular captcha has been entered, a captcha that was actually provided by Yahoo.
In general, the trojan can be used against any web page that requires captcha authorisation. Neither Trend Micro nor Panda describes how the malware gets onto users' PCs, but most likely it finds its way there as an email attachment. You can find tips and tools for safe email communication and protection against trojans and viruses on the heise Security anti-virus pages.
- CAPTCHA Wish Your Girlfriend Was Hot Like Me?, blog entry by Trend Micro
- A new way of social engineering, blog entry by Panda