Be careful about your captchas

I’ve written about captchas before, but this post (may not be safe for work) describes a “novel” approach to defeating captchas.

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The “strip-tease” game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.

I am not sure if this would work to “decode” the captchas all the time because I know that some sites generate a different captcha image if you take too long to fill in the information. Still, it would work in some cases and it’s a scheme to be careful about because you could see variations on the scheme to trap people. (Via Seth Godin)
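The timeout mentioned above can be enforced on the server side. The following is an added example, not code from the original post or from any particular site: a captcha token that expires after a short lifetime and can be redeemed only once, so an answer relayed through a third party arrives too late or cannot be reused. The function names, the 60-second lifetime and the sample answers are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)
TTL_SECONDS = 60                      # assumed lifetime; tune to how fast real users solve
_used = set()                         # challenge ids already redeemed (single use)


def _mac(cid, issued_at, answer):
    # The MAC covers the id, the issue time and the expected answer, so the
    # client cannot extend the lifetime or learn the answer from the token.
    msg = f"{cid}|{issued_at}|{answer.lower()}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue(answer, now=None):
    """Create the token sent to the browser alongside the captcha image."""
    issued_at = int(time.time() if now is None else now)
    cid = secrets.token_hex(8)
    return {"cid": cid, "issued_at": issued_at, "mac": _mac(cid, issued_at, answer)}


def verify(token, typed, now=None):
    """Return 'ok', 'expired', 'replayed' or 'wrong' for a submitted answer."""
    now = int(time.time() if now is None else now)
    if now - token["issued_at"] > TTL_SECONDS:
        return "expired"              # slow (for example relayed) answers land here
    if token["cid"] in _used:
        return "replayed"
    _used.add(token["cid"])           # burn on first attempt, right or wrong
    expected = _mac(token["cid"], token["issued_at"], typed)
    if not hmac.compare_digest(expected, token["mac"]):
        return "wrong"                # also covers a tampered issued_at
    return "ok"


if __name__ == "__main__":
    t = issue("K7QX", now=1000)       # constructed sample challenge
    print(verify(t, "k7qx", now=1030))                 # solved in time
    print(verify(t, "k7qx", now=1031))                 # same token again
    print(verify(issue("K7QX", now=1000), "K7QX", now=1075))  # too slow
```

A short lifetime only narrows the window for a relayed answer; it does not close it if the relay is fast enough.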

