Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Striptease Used to Recruit Help in Cracking Sites



 By: Lisa Vaas
2007-10-31
Article Rating:starstarstarstarstar / 3


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Malware authors are using a scantily clad lady to dupe players into decoding legitimate site CAPTCHAs.

Frustrated malware authors are duping people into decoding legitimate site CAPTCHA images for them with the help of a striptease.

Trend Micro has identified the program as TROJ_CAPTCHAR.A, a striptease game wherein the player enters the letters hiding within a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) image. For each correct entry, more clothes come off in photos of a scantily clad woman identified as "Melissa."

Resource Library:
The CAPTCHAs shown in Trend Micros posting were taken from Yahoo in what the security firm thinks is a possible pointer to a build-up of Yahoo account information, possibly for the purposes of spamming.

CAPTCHAs were first deployed to fight off bots and other automated software such as spam generators. Used to differentiate humans from automated processes, theyre put up to protect systems vulnerable to spam, including Web mail services from Gmail, Hotmail and Yahoo, but are also used to prevent automated posting to blogs or forums.

Ticket brokers busted beating TicketMaster CAPTCHAs. Click here to read more.

Visitors validate themselves as human by deciphering a sequence of alphanumeric characters embedded in an image that is supposed to be unreadable by machines, although OCR (Optical Character Recognition) can be used to thwart the tests.

"Some people are really hooked up on defeating the CAPTCHA, and they are literally asking for public help, in a rather discreet—and, um, provocative—manner," TrendLabs Roderick Ordoñez said about the striptease CAPTCHA stunt, in a posting.

Answers entered by striptease gamers are routed to a remote server, Trend reports, where a malicious user matches the correct code for a given CAPTCHA on Yahoos site.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Striptease Used to Recruit Help in Cracking Sites
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}r۸j9kmH)ٖcؖēSHH"Hʎg 7]hɗ$w-`n4~vv$IM˙sל۔\sPç v$vv~M2i* d&@ jہ)}mk4 uBZ[;#|6S%?w *s=NNKԚLæzc&$l dkbp,FcwO5d{9B ~5[6m(GJ| ZB'?+B43 \2HTߦuB){Te䆡;g? CxKt/"(?c&cZ8;x#fwgB(ƻFՉziZgdd vu=yͨKQf3r=B?L*-M DƞHC d#̒JKN`:rm3G^C]õ]Z.R͌eCwt=POMҷB($g >v?&?Q Ig%KaW+)K5?GރN8CEnڏU[۾tw玹Ojrt˜HJo~cns(p}=\'BL}:n/EӝÌfؖqSth(́V* (ZPʍxxg9{ؖ3lTzEÝ1ϔi8_tO/ $(֝h m+iu]+i U;yԺ} g od}#5*%`ZJ4_S::_B ,=Ja͢4-I`߶If@7[)@m? +:6 6kiJuV!`FCܺm49,蟩$m4@r5YSl؅ ROF4'N XZEU>hi"A[T}OW%ތ1E|r+ef"ȅQ.%->Ć>Ly%Ku}7pWm]zlNVڒ1Wb{(1eޡ:I=p9&E;~]8^%g 5F4 ,heݴ%!g8W5MGVm$cW*P\?(ËJCU~^p-Aqj2B c=M:vXy8`;}F_wgԴHwH<: M/C˥uj1@ L^a xpw>-Fv1s{Q {>0iCkFY`GI l"&qsк`o`2fàF{t$,/G`\@48`$8ʼE]uCbB=ٚꖭ,L<ħܠ~(~9-WR;C/0"= EEKy3@ $h-az. ŊIHXVphT6ݞH:s'PT>Wh&3aGe-n^ d6gF2+LYg0V-&D7rb.G EwKቖ&ZlY.+֨M{:eXG }= 3ܲM҆%Ll;!9?b! s WQ'c: xwCoBCEw[J0aEiŬ9g)9i|X#ܓ~KM9X0N-cJb+H5LôLhD,ioa5SN`cܐ^̜w07ÚL ~D'艅m>`T4fs)wdmrn)s77UBsNHB/W2 \_&VAB5 6d:ɤPl';oWfG) zS7HhpLa)e ֤ԺLkQAa ĵa`{s1rl^̳tgqq88[ZO:žtіgoxO擫Npu у=9Je!6c{e߯#;_=)V}B~, Ӥ`k@Lf2,rǮmwAu،;$ Ei{ 9y$p}r)#‰5j!| jjx0A,cןř¨0qqԺ7 2­qŝa&1 DR)Ö13wdi';םT'咢TS+јVIaǂf28҇F18=[ |{*F/#eIF:ĝCݸ{ȫ"w~kPow(* xg4sgDcC6jC+'&lEk4FU+-g}X!2␞n{=%ùQOR4H9n6=RJ 2=cte>u1#i}KU!Ӕ*eάɲ7(Ъ6#iC/%e.N1)Q;/&v}j;_&I|SeYȃV)+Y+T\U񋰷8C+`-XRj# L*"o&ŏ[o(urN3HGP*~JePIu|f*kZQR^?*4rO,ش,6"h -z ez(̖ M%4e%3E/쎸-9DXPV9ɷwnj‰; +An)ɑ$ |C* D;}ZTe&㘘= ՕK( L $q* N=YtW%p=Oz}=g|L8@wet{AvNqa^>{q 4 }M^w~'z.y]Mqr`SRh3 J@F$bw}WszZ^+6zv9D2DH#r zy]B|wֻGY#{.[j܉gw, YE# BuW Ǎ5Ak3d4)(3z0<㹑a3 "APKsřb9ki.Dz=t_5g0T `-)۵sgcs}uYLPH:>Xa@HR ~tqy .g@d@Anp+z!NU HE*e4ДKe=:)K<;ڜ) 5;Eſ}YVSX x4~WK0fAba+F+=ǭIlI NAn|:p_<Ĩ9r 7{KP -M>vS2MĜykNEm 펇{6-~=`rvGP2)bz&I[ͨ ݖ:p<5 :)Oz.O|Nik'i^VӲQ6T$4%44QLNC]F+dC7g ҿl_lNpVHpo6_xvImK$h dgKe֊2 pkP Q,+ b >Ì+y-EY-Vyғ;q{81 TAkv,x\J}[<,'Mw[!=r٠sEaWO$ tD3(^XW;.zʜ(=~!G&zE>rF.Z=w;[Me's Cݿv_I]iNwo7UfᚎxZ J~l't6D(jEWc{w#9Ȫ̅S.R؉~'g#3^q:-: `tH_ulF臵4/ Z2fP:;G׍rGfcf0Xv}}U"u?h2i~J]݅;isVD)]Kĵ"vKJIɇymQzSDD6Kh#iv.R;+!bibI<$$bL1d0m=,x4h~ 29U"<u~Y)5Bxs#>'/΋Ofg=(WC}[Kѯn`Opn,\V #W+4 v'VUVew<ȯ_gÛ^.ʹjzm%.⛽Mh3%oAr_|k N"&S^~w B`Nk?13\xm]$z?h^`+@M6-0VvEqf{ [1+tҥ$gJY/VC}_ߩ$m5t-AmAɼ3Ь%5:&UJD:`=F3VL2=J6w5J&j` >ϋ$/> ztowwv]g34ֵW Zy_ڳKۨ_xSYٷ$64̫eֶod=I_E #(hILÑ@uœ3TQrY>jc"e8 @;0e3یS9cg_S`܀T*ZWIY?s/{| Ϟê>@3* I7~^G%H:s~T3,M?"Xlpìfo_`n2=y+_9uM1{ga)wWOsPwƒwYOaR-,:'w] "E7B~}/Vq6InLdW'w|o]N0ʍbDݵ:Z/3 pυB/o.He _M!AaD0 a B6?ė)} TDq vUz@YmӶv 05v1h}P2D#%10e(c$egs4V5Śx KEQ1ƞj=="@Ÿ Rxc) +hWxYB,p}&6K fZןQ¨E3, Y:K15\RMPWK.KBG2K*ߕlW1 {BZk|Teskɧj** iT-A8Ǜh1=Hsr3#lzZC JOk&DZOk]P;XifŲyj+n-{sxb(ͪNT&pdͪ͐ؓRc5n:Ұ&"N !LЭ%&|z`NB .kXl; W*ZTf0}TXC>,&txZڊRB{od\<:9o|pP[ozp׳)ȇڕm~\),Gw/0K{EMF^[C5XVlg vb"mkmnAjϳT["}FskGb^o972 l0V,-^`9Ud[h, ¨FJMaTwtc2n@$}~RJHuT7"Y`6و۳j!WTP6ijJǛh-;Q"}5&x|"2M0^+AZBB(YYv' .GG>!Uv/?VHY+R[YS!_E_t[6˝gZ ʇtMt77+ St4#?*){ڞU^Ϟi4<|0l@ "6 ?Ki:N~VP_G׀g"xBW7˽}D['ٍI+62 1jLlB/u\w:3rѹuU=<LG*Xȟ&a@SgIT(:6ߩ1u>{~gO.+Ja 3rk:*e1uaA~M l  \Zp4pB7Fsꢯ41"9'ph\pr@K`L+2&Bs8A_}&9N % =a k(E$rq0;eNq(gg:ͅfUv<)srʯj}Q8Sރ^N9r`}1ณS~GO>'9ywnu]_=.9пnN?ӽ)ws_hOY|Z9s}s{9ϡ99y'EcN)S~909{s#?0~9׃r?=/r qeW?W99~A ~_ח_c^91@9rsڿ\'I9s} S)ÜJu/*苼k Oy射8)o@y>*P/nr :WK?s9^}JFF&oˣqz]!,.5PW[k3/Y;3ݲI  r𞫫i@Lwe<ߔ[nNJ>S\ȜHWɴ&Vی E{"X5̽q>eybAR-c#mq8^ڃ}nC7V>n@x`: ~iMogn\Dpqk;O΋kwՕ֊ |3/߆zHٝzÀ}G]Vl<-t&n\eyf(/@FA@~cRF6^֪_p3lc}}>;su>^uCg>k'[*8y:S ?|Y&@Y8'Qدhع+jzGrt5pÅ̹H3aush4IjYj ~ZV-#\!p=b`:jUUEVrp` 5rF(2B4|OӴW]7tS+rc<{+4wpY-}?"z5~B@N,<1"W/cA6of!3^46T<gu~o'2Pd SebbZ;ˈLbT|Jx /qb/}K4l!Klɜ]k'b#'mg&L< ?n 3ɕDy hbգh9ĉPrO?gbʖ z9׽tLdp!gB-ҋKl>`]X)2ǬkJDxa޷./ ]@NE]RgG4WBMxXU7M&$rq;V@U}# 1*~Ơ#)e h kk#tZзkdY9Hz&zU x$.6=j"1: gC“JrLozc{[/EI)H[QʹT6vo 1> V_dvO~%B+*O 8>eCgIrT~gF}*P=fZP= v"0%Yz#{io=G}c_VeńK!:F1?>JqqȥI񿄷zH,爔事6SAQ^ yJ>? T| 5;\6LDRw }B0yNmv8@9DEPމ!/[v2gR*4%NSЊxc*xEy?#6 Mخ;Oq^Gd9b7}t_ԕU`7g#~*VœA>VI>b8[| {iat13̾J D O.y*@WD0;"6Ys.KE&(Xp\GAΙَv!w>G-\2Pxkyf%3WnJP/jdV@8̛l+~HϱI$`:Vږ+o\ϔK ]'[٧3й?-Rw/e[͌o(_X (K# LnD|9N]RjãÍXǸ [) Iy>p <Щ0T\bX%e܌uFEmhT4X -*l+S7 )/߶S7qݼ¶"yX]A\'X3'5ȱ ya1 g{y{~k#'>gpxy|!}đYX&7$V /OىBׅѰ0 L;,lyED%e2JACb 0F :ebrỲ3 cJ\gۂ~ՍK׶{S<"Y<.GwL_ x6U .^S6ٝ+Ȁ7HY[D,5Ra:({= zBk|FXK]s.&tԵa}ar8Lt4Q3|JKm)g3 ;߂ ixv4%h72b59=ʧ3~q <Ǹ(3Vt*NoOgv P.I{iT7uG?;$ouˌRh\*.I;wGUFnwWRTFYhI:NJ]񲞝P r9̳?s7*Ѡ~kyTVKG36HZ\֓R6vFًᷞfSذM*d.%r R⊫+ųiS}& CfJ܄;66BKslt61jF"+*