Spammers have taken to cracking CAPTCHA protection for Microsoft Hotmail, Google Gmail and other Web mail services in recent years. Startup company Pramana is pushing a proactive approach to keeping botnets at bay.
CAPTCHA cracking has become big business for
spammers, and there has been no shortage of chinks in the armor.
But a startup is taking a new approach to the
-available as an appliance or as SAAS (software as a service)-is HumanPresent,
the technology the company is aiming directly at spammers who have made a
business out of defeating CAPTCHA.
Conceived at the Georgia Institute of Technology's
College of Computing, Pramana was founded in
June 2007. The company is targeting four major
markets: financial services, online gaming and gambling, Web mail, and ISPs and
social networking sites.
In recent years, spammers
have made mincemeat of CAPTCHA protections
for Google Gmail, Yahoo and
other Web mail services. Much
of this spamming work
is done by botnets, and this is where Pramana said it
feels its approach can serve as a vanguard of sorts.
Unlike other products, Pramana's HumanPresent technology
doesn't fingerprint devices to identify a bot activity. Instead it
works by monitoring and validating the entire user session from the
beginning of a transaction to the end. The technology is deployed as an
in a customer's Website and is transparent to the user.
When a request is made to a Website, the company
protecting the customer contacts Pramana's server. Pramana responds with a
tests executed on the back end, at the client's site. After the user has
entered information and the page is submitted or unloaded, the results of the
tests are sent back to Pramana and put through its algorithm.
"We capture everything about the human
behavior-the time between actions, the time during actions, every event fired,
every possible mouse movement [or] click, [and] so on [and] so forth-and we put
that through some algorithms that have literally been five years in the making,"
explained Pramana CEO
The company is constantly expanding its heuristics
database, which regularly updates all Pramana servers with new Turing tests to
implement. The idea is to prevent tests from becoming stale and to adjust to
threats around the globe.
"It's proactive," Crowder said. "What
I mean by that is the thing that strikes me the most is if you look at the
paradigm right now with the virus situation, by definition every virus has to
be successful [before] the anti-virus companies react to it ...We are like that
for the bots."
He continued, "We're the guys constantly
coming up with the ways they would have to defeat us, and they're never going
to catch us. Just like we're never going to catch the virus authors ... the bots
and the botnet fraudsters are always going to be reactive to us. We're
constantly adding these new strategies, the Turing tests, every single week."