Character recognising spam breaking CAPTCHA defences
By Asavin Wattanajantra,
Spam sent from webmail accounts created using CAPTCHA breaking technology is on the increase, according to Marshal.
It said that there was more spam capable of beating the response test, which is used to ensure content is generated by a human manually typing letters and numbers rather than a computer. CAPTCHA (Completely Automated Public Turing Test to tell Computers & Humans Apart) was developed by Carnegie Mellon University in 2000 to stop spam robots.
However there are ways to get past this security such as Optical Character Recognition (OCR), which is mechanical or electronic translation of the electronic images. Sometimes it was possible to completely bypass the CAPTCHA.
“In email security we’ve developed pretty advanced OCR technology to deal with image based spam,” said Bradley Anstis, vice president of products at Marshal. “I think some spammers are using tools we’ve created against the industry to help them break the CAPTCHA codes.”
However, he did go on to say that the bigger problem was that many businesses and websites were not even bothering to implement CAPTCHA.
“Even though CAPTCHA technology is evolving and there are new ways of doing it its still up to the companies to deploy these on their websites,” Anstis said. “That traditionally has been the hardest thing to do.”
The report said that using webmail accounts for spam made IP reputation or message header inspection less effective. Spam would be generated from Gmail, Yahoo and Hotmail accounts, so they would look to come from legitimate sources.
“This email is typically generated using a well-formatted composition type engine so the headers are really tidy and bodies are really neat,” Anstis said.
“Traditional spam filters that look at the structure of an email message looking for addresses of bulk mailers are less effective. Webmail messages conform to all right the standards.”
Related Tags
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?