Google’s CAPTCHA busted

Started by Frands, March 04, 2008, 10:12:42 AM

Frands

Quote: Websense Security Labs has discovered that Google's popular web mail service Gmail is being targeted in recent spammer tactics. Spammers in these attacks managed to create bots that are capable of signing up and creating random Gmail accounts for spamming purposes.

http://www.websense.com/securitylabs/blog/blog.php?BlogID=174
http://www.sitepoint.com/blogs/2008/02/28/gmails-captcha-cracked/

Related reading:
http://sam.zoy.org/pwntcha/

odidio

This is definitely true, for Gmail as well as Hotmail.

Being an admin at a phpBB-based forum, I encounter probably a dozen or more of these 'bot' accounts being created every day.

It's too hard to outright ban/blacklist these domains and it has become a real pain to have to sort through and ban the individual user names and email accounts that these bots use.
On the upside, they are usually very easy to spot. Seems they like to use a group of names that get slightly modified to create new accounts with.

Here are just a few of the Gmail ones starting alphabetically with 'A' on the list.


It would be nice to see these guys put out of business... what a pain they are!

(I put them in the 'code' brackets so they aren't active, remove them if you wish.)
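
Added example, not part of the post above: one way to automate the spotting it describes, flagging sign-ups whose local parts share a stem, reuse one local part across domains, or use the provider's name under a different TLD. The example.* domains, thresholds and sample addresses are constructed assumptions standing in for the gmail.com / gmail.net / gmail.org pattern in the post.

```python
from collections import defaultdict

# Assumptions (not from the thread): which domains the admin treats as the
# provider's genuine ones, and the thresholds for calling names a "family".
REAL_DOMAINS = {"example.com"}
PROVIDER_LABEL = "example"   # provider name seen under other TLDs
MIN_STEM = 4                 # shared leading characters that define a stem
MIN_FAMILY = 3               # distinct local parts per stem before flagging

# Constructed sample sign-ups; none of these are real accounts.
SAMPLE = [
    "botajnr@example.com",
    "botajnr@example.net",
    "botajunior@example.com",
    "botatop@example.org",
    "carol.smith@example.com",
    "dave99@mail.test",
]


def split_email(email):
    """Return (local part, domain), lower-cased."""
    local, _, domain = email.strip().lower().rpartition("@")
    return local, domain


def triage(emails):
    """Return {email: [reasons]} for sign-ups that deserve manual review."""
    stems = defaultdict(set)     # stem -> distinct local parts sharing it
    domains = defaultdict(set)   # local part -> domains it was seen under
    for email in emails:
        local, domain = split_email(email)
        stems[local[:MIN_STEM]].add(local)
        domains[local].add(domain)

    flagged = {}
    for email in emails:
        local, domain = split_email(email)
        reasons = []
        if domain not in REAL_DOMAINS and domain.split(".")[0] == PROVIDER_LABEL:
            reasons.append("lookalike-domain")
        if len(local) >= MIN_STEM and len(stems[local[:MIN_STEM]]) >= MIN_FAMILY:
            reasons.append("name-family:" + local[:MIN_STEM])
        if len(domains[local]) > 1:
            reasons.append("local-part-reused")
        if reasons:
            flagged[email] = reasons
    return flagged
```

A shared stem alone also matches common first names, so the reasons are best used to queue accounts for review rather than to ban automatically.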



Temmu

if you must manually list, white-list is the easiest to maintain.
just look at the mvp hosts file to see what it would take to black-list.
or such services as barracuda's a/v anti-spam product with a subscription fee of $3000 / year (or so...)
it's a royal pain.

those squiggly computer-unreadable letters were supposed to prevent scripted account creation...

in this game of one-upmanship someone always trumps you!

odidio

Will the companies look into them if I start sending the bot email addresses to them?
If so, where would I be able to send the Gmail and Hotmail ones?

I had 30 bogus accounts today, 21 using Gmail, 8 using Hotmail and 1 miscellaneous.

And that's about the average per day.