Will Knight, online technology editor
New Scientist: CAPTCHAs conquered?
Have spammers found a way to beat CAPTCHA tests - the little character puzzles that are widely used to confuse software bots?
Not exactly. But this is the daunting prospect raised in several recent news stories. These articles describe a malicious program called Trojan.Spammer.HotLan.A, which creates free email accounts using services like Hotmail and Yahoo. Some experts say the Trojan can create about 500 bogus Hotmail accounts every hour.
"They've found a way to bypass the CAPTCHA system by using optical character recognition," warns Vitor Souza, a manager at BitDefender. "The software reads the images and transforms it into text. Once it bypasses the CAPTCHA system, it enables them to automatically create the e-mail accounts."
This struck me as a bit odd. Recognising the kinds of characters used in CAPTCHAs remains a significant challenge in computer vision. So, unless spammers are carrying out fairly state-of-the-art research, it's hard to see how they could have defeated them.
Suitably puzzled, I called up the head of BitDefenders anti-virus labs in Romania, Viorel Canja, who explained all. It turns out the Trojan creates free email accounts by copying each CAPTCHA and sending it off to another computer for processing. This process may be automatic, or may be done done manually. At the moment, it isn't clear.
Luis Von Ahn of Carnegie Mellon University - one of the people who invented the CAPTCHA test - thinks the process can only be manual. He notes out that creating 500 new accounts per hour is hardly impressive. "If you think about it, a single human can get about 400 per hour if they just sit there typing," he told me. "Before CAPTCHA, bots could get more than two million accounts per day."
This seems to suggest that, should spammers ever work out how to beat CAPTCHA tests automatically, we'll really know about.
New Scientist: CAPTCHAs conquered?
Have spammers found a way to beat CAPTCHA tests - the little character puzzles that are widely used to confuse software bots?
Not exactly. But this is the daunting prospect raised in several recent news stories. These articles describe a malicious program called Trojan.Spammer.HotLan.A, which creates free email accounts using services like Hotmail and Yahoo. Some experts say the Trojan can create about 500 bogus Hotmail accounts every hour.
"They've found a way to bypass the CAPTCHA system by using optical character recognition," warns Vitor Souza, a manager at BitDefender. "The software reads the images and transforms it into text. Once it bypasses the CAPTCHA system, it enables them to automatically create the e-mail accounts."
This struck me as a bit odd. Recognising the kinds of characters used in CAPTCHAs remains a significant challenge in computer vision. So, unless spammers are carrying out fairly state-of-the-art research, it's hard to see how they could have defeated them.
Suitably puzzled, I called up the head of BitDefenders anti-virus labs in Romania, Viorel Canja, who explained all. It turns out the Trojan creates free email accounts by copying each CAPTCHA and sending it off to another computer for processing. This process may be automatic, or may be done done manually. At the moment, it isn't clear.
Luis Von Ahn of Carnegie Mellon University - one of the people who invented the CAPTCHA test - thinks the process can only be manual. He notes out that creating 500 new accounts per hour is hardly impressive. "If you think about it, a single human can get about 400 per hour if they just sit there typing," he told me. "Before CAPTCHA, bots could get more than two million accounts per day."
This seems to suggest that, should spammers ever work out how to beat CAPTCHA tests automatically, we'll really know about.
