IT Security & Network Security News & Reviews: Bredolab, Spam and the CAPTCHA-Cracking Biz

By Brian Prince  |  Posted 2010-01-25 Print this article Print
Bredolab, Spam and the CAPTCHA-Cracking Biz

Bredolab, Spam and the CAPTCHA-Cracking Biz

by Brian Prince
Meet Bredolab. Bredolab represents what Fortinet calls a simplified botnet—a "loader" that simply connects to a remote server to report and receive files to download and execute. Fortinet has linked Bredolab to an innovative new spam engine called Webwail as well as an uptick in the growth of attacker services focused on cracking CAPTCHAs. By circumventing CAPTCHA protections, spammers can sign up for legitimate Web e-mail accounts to send out spam, making it harder for security vendors to block their messages. Fortinet Threat Researcher Derek Manky predicts more Web engines like Webwail will be developed, driving a growth in CAPTCHA-solving services. Here, eWEEK looks at Webwail and Bredolab, and shows what could be a new security threat: loaders sold as services to buyers looking to distribute malware.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel