Startup Fights Botnets with New Approach

Spammers have taken to cracking CAPTCHA protection for Microsoft Hotmail, Google Gmail and other Web mail services in recent years. Startup company Pramana is pushing a proactive approach to keeping botnets at bay.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

CAPTCHA cracking has become big business for spammers, and there has been no shortage of chinks in the armor.

But a startup is taking a new approach to the battle. Pramana's answer-available as an appliance or as SAAS (software as a service)-is HumanPresent, the technology the company is aiming directly at spammers who have made a business out of defeating CAPTCHA.

Conceived at the Georgia Institute of Technology's College of Computing, Pramana was founded in June 2007. The company is targeting four major markets: financial services, online gaming and gambling, Web mail, and ISPs and social networking sites.

In recent years, spammers have made mincemeat of CAPTCHA protections for Google Gmail, Yahoo and other Web mail services. Much of this spamming work is done by botnets, and this is where Pramana said it feels its approach can serve as a vanguard of sorts.

Further reading

Unlike other products, Pramana's HumanPresent technology doesn't fingerprint devices to identify a bot activity. Instead it works by monitoring and validating the entire user session from the beginning of a transaction to the end. The technology is deployed as an embedded API in a customer's Website and is transparent to the user.

When a request is made to a Website, the company protecting the customer contacts Pramana's server. Pramana responds with a JavaScript package that contains listeners that gather information for Turing tests executed on the back end, at the client's site. After the user has entered information and the page is submitted or unloaded, the results of the tests are sent back to Pramana and put through its algorithm.

"We capture everything about the human behavior-the time between actions, the time during actions, every event fired, every possible mouse movement [or] click, [and] so on [and] so forth-and we put that through some algorithms that have literally been five years in the making," explained Pramana CEO David Crowder.

The company is constantly expanding its heuristics database, which regularly updates all Pramana servers with new Turing tests to implement. The idea is to prevent tests from becoming stale and to adjust to threats around the globe.

"It's proactive," Crowder said. "What I mean by that is the thing that strikes me the most is if you look at the paradigm right now with the virus situation, by definition every virus has to be successful [before] the anti-virus companies react to it ...We are like that for the bots."

He continued, "We're the guys constantly coming up with the ways they would have to defeat us, and they're never going to catch us. Just like we're never going to catch the virus authors ... the bots and the botnet fraudsters are always going to be reactive to us. We're constantly adding these new strategies, the Turing tests, every single week."