New CAPTCHA worm breaking Google's defences

A new worm has been discovered, which a security company claims can break Google's CAPTCHA to create Gmail accounts for spamming.

Vietnamese company Bach Koa Internetwork Security (BKIS) has called the worm W.32.Gaptcha.Worm' and says it is able to break Google's CAPTCHA defences.

CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart) is a defence used by email providers, which tries to ensure that computers are not automatically signing up for email accounts.

Once it has broken CAPTCHA, the worm can continuously create Gmail accounts, sending these registered accounts to hackers.

This will cause Gmail to block the infected machine's IP address due to the many registrations, and the worm will remove itself from the system.

"Once your computer gets infected with this worm, you will see Internet Explorer windows automatically appear," BKIS said on the blog:

"You will then see the whole automatic Gmail accounts registering process by the worm."

It adds: "After that you will not be able to sign up for new Gmail accounts as your computer will have been blocked by Gmail."

Companies like Google and Microsoft have been engaged in a continuous battle with spammers trying to break CAPTCHA defences, due to the value of the accounts.

Google itself recently revealed work on a new form of CAPTCHA, which uses images that are more difficult for computers to break.

Google said that CAPTCHA was only one aspect of the security of its systems, but had no official comment to make on this particular attack.