
Security

October 1, 2009 11:38 AM PDT

Facebook shuts down malicious fake profiles

by Elinor Mills

Facebook on Thursday fended off an attack in which multiple identical profiles were created to spread malware.

Antivirus provider AVG Technologies said users of its LinkScanner service detected numerous profiles that were identical except for their names. Each included a link to what was represented as a home video, but clicking it instead displayed a fake antivirus alert. Such scams are designed to trick people into paying for software they don't need, to get credit card information from victims for identity fraud purposes, and often to install spyware on the computer.

"Clearly, the Data Snatchers have found a way to automate the creation of Facebook accounts, which means they've found a way to bypass the Facebook Captcha," Roger Thompson, chief of research at AVG, wrote in a blog post. Successfully translating a Captcha, a hard-to-read image of letters that is supposed to ensure that a human is involved, is required for a new account.

The malicious link was blacklisted by the major Web browsers and Facebook was blocking the URL from being shared on its site, said Facebook spokesman Simon Axten. Meanwhile, the company was working to identify all the fake accounts and disable them, he added.

Axten disagreed with the AVG speculation that the Captcha system had been broken.

"We're looking into how these accounts were created, but it's very likely that the sign-up process was manual, or that the person behind the attack farmed out the Captchas to be solved by humans for a price," Axten wrote in an e-mail.

For its Captcha system Facebook uses ReCaptcha, "which was recently acquired by Google and is about as well-regarded a Captcha provider as there is," he said.

When the link in the fake Facebook profiles is clicked a fake alert pops up that tries to convince the user that the computer is infected.

(Credit: AVG)
Originally posted at InSecurity Complex
May 26, 2009 9:24 AM PDT

Report: Spam now 90 percent of all e-mail

by Lance Whitney

Spam now accounts for 90.4 percent of all e-mail, according to a report released Monday from security vendor Symantec. This means that 1 out of every 1.1 e-mails is junk. The report also notes that spam shot up 5.1 percent just from April to May.

Spam on the rise.

(Credit: MessageLabs)

Symantec's May 2009 MessageLabs Intelligence report reveals other disturbing trends, as well. Rather than just hijack disreputable Web sites, cybercriminals now favor older and well-established domains to host their malware. The report says 84.6 percent of all domains blocked for malicious content are more than a year old. One type of domain now especially vulnerable to threats is social networking, since most of the sites' content is created by users.

"Spammers using better-known and thus more widely trusted Web sites to host malware is reminiscent of the spammers who rely on well-known Web mail and social networking environments to host spam content," said Paul Wood, Symantec's MessageLabs Intelligence senior analyst. "The trustworthy older domains can be compromised through SQL injection attacks while newer sites are more likely to be flagged as suspicious--a temporary site set up with the sole purpose of distributing spam and malware--and thus faster to get shut down."

Where you live also determines when you're spammed, says the report. For people in the U.S., spam hits its peak between 9 a.m. and 10 a.m. and then drops overnight. Europeans get a solid stream of spam throughout the day, while users in Asia-Pacific countries find most spam waiting for them in the morning. One reason for this trend, says the report, is that most spammers are at their busiest during U.S. working hours.

The popular CAPTCHA program, which asks the user to type in a series of random characters, is no longer proving as effective as once hoped. Many Web sites have relied on CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) to ensure that accounts are created by actual human beings.

But criminals have now succeeded in generating profiles with random names, apparently by using automated CAPTCHA breakers. The report notes that some major Web sites are now exploring other ways to block automated accounts, such as using photographic images that a user must analyze.

Spam levels had dropped for a short while last year after the closure of several malware-hosting Internet providers. But spammers have since bounced back from those losses by rebuilding their networks.

Symantec's MessageLabs Intelligence gathers research on spam and other malware from global data centers that track e-mails and Web pages. Symantec releases a new intelligence report each month.

April 13, 2009 5:27 AM PDT

Another image-based Captcha method

by Dong Ngo

(Credit: Screenshot by Dong Ngo/CNET)

Captcha, or Completely Automated Public Turing test to tell Computers and Humans Apart, is a method used by many Web sites to fight against computer-generated input. As computers get smarter, Captchas have become more of a nuisance because most of them are now tough for us humans to pass.

I recently blogged about a new and more humane way to create a Captcha by using 3D images and the implementation of that method at Yuniti.com. I've just run into a different approach, similar to the Asirra tool revealed by Microsoft in 2007, that seems even easier for humans to pass while remaining impossible for machines to figure out.

It's called Captcha the Dog, from a Web site of the same name. Like the 3D-based Captcha, this method uses images instead of text for the challenge. However, the challenge is always the same: click on the one different object on the screen, i.e., click on the photo of a dog among eight photos of cats.

With Captcha the Dog you are required to do this multiple times in a row. Each time, the position of the dog is changed and if you click on the wrong picture once, the process starts over from the beginning.

Once you have clicked on the right one enough times, all the photos will be those of cats. This is when you know you have passed the Captcha.

As it is currently impossible for a computer to distinguish between these photos, it's virtually impossible for a machine to randomly select the right image multiple times in a row.

This method of Captcha costs $25 per year with customized images. Beyond that, you can get its code for free. The new method is said to be compatible with any browser (including that of the iPhone) and can be implemented within 15 minutes without the use of cookies.

This seems a simple yet effective alternative to the text-based Captcha that's so popular and so frustrating to use. Like other image-based Captcha methods, Captcha the Dog doesn't currently offer a way to support people with disabilities. However, the site states that its new version will offer an audio component for vision-impaired people.

Try out the new Captcha method at Captchathedog.com and leave your thoughts in the comments.

Originally posted at Crave