Spammers gorge on Gmail’s CAPTCHA

By Dave Nixon

Spam derived from Google’s Gmail domain doubled last month, illustrating that spammers are still defeating the CAPTCHA, the distorted text intended to prevent mass registration of email accounts and other website abuse.

Gmail spam rose from 1.3 percent of all spam email to 2.6 percent in February, according to data released by email security vendor MessageLabs.

The latest statistics are another setback for CAPTCHA – which stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

Google is the most recent free webmail provider to be persecuted by spammers’ labors to create software to unravel the codes. Sometimes, spammers also utilize people to solve the codes en masse.

Last month, security vendors Websense determined that spammers were using two hosts to fracture Gmail’s CAPTCHAs. The method seemed to be victorious only 20 percent of the time. But if the process is repeated thousands of times, many new accounts can be generated and used to send spam.

Most of the messages use links and images to advertise adult entertainment sites..

While additional susceptible domains can merely be blocked by antispam software, businesses are disinclined to cut off free webmail providers because of their justifiable use. Spam from webmail providers comprises 4.2 percent of all spam.

Google’s CAPTCHA system is thought to be hard to crack, but so previously was Yahoo’s, which is also now often beaten. MessageLabs said 88.7 percent of the spam from free webmail providers comes from Yahoo’s domains.

Microsoft’s CAPTCHA, used for registering accounts on its Windows Live Mail service, has too been cracked. Websense believes the same group of spammers are guilty for breaking both Google and Microsoft’s systems.