This came up at a discussion during this week’s CapCHI meeting. It seems that the bad guys are finding interesting ways to get around those scrambled images (CAPTCHA‘s) that sites use to prove that the person applying for an account or service is really human, and not some automated process. Getting lots and lots of accounts is very useful if you are a spammer, and getting people to solve the human-proof problems lets the bad guys get those accounts.
Spammers Employ Stripper to Crack Security
Spammers are using a virtual stripper as bait to dupe people into helping criminals crack codes they need to send more spam or boost the rankings of parasitic Web sites, security researchers said Tuesday….The hackers, frustrated at their inability to come up with a way to automate account registration, are getting users to do their dirty work. “They’re using human beings in semi-real time to translate CAPTCHAs by proxy,” said Paul Ferguson, a network architect at Trend Micro. “You have to give them this, it’s clever.”