Hotlan trojan focuses on Hotmail, Gmail accounts
Trojan evades captcha security defending webmail services from automated sign-ups.
Criminals have worked out a way of bypassing the captcha security that should prevent automated systems from creating operational email accounts from which to churn out spam, according to research carried out by anti-virus company BitDefender.
Captcha images are used to ensure that only people and not computers can create an email account. But a new trojan, called HotLan, gets around this by sending off the captcha image in an encrypted form back to a server controlled by a spammer. The image's characters are determined by the server and the solution is sent back to the trojan which inserts the characters into the form and creates the account. The account details are then sent back to the spammer to use to send out unsolicited junk mail.
According to Viorel Canja, head of BitDefender Antivirus Lab, around 514,000 Hotmail accounts were created as of last Friday, as well as about 49,000 Gmail accounts.
"However, it is worth noting that while most of the Hotmail accounts are operational, Gmail accounts get blocked pretty fast, usually about a couple of days after being created," said Canja.
The company said it had managed to devise a signature to combat the trojan threat and had worked with Yahoo to quash attempts by spammers to evade security in Yahoo's email sign-up process. The anti-virus company said that it has offered help to companies affected by the trojan problem.
Shining light on new 'cool' cloud technologies and their drawbacks
IONOS Cloud Up! Summit, Cloud Technology Session with Russell BarleyWatch now
Build mobile and web apps faster
Three proven tips to accelerate modern app developmentFree download
Reduce the carbon footprint of IT operations up to 88%
A carbon reduction opportunityFree Download
Comparing serverless and server-based technologies
Determining the total cost of ownershipFree download