Spammers are a parasitic plague upon the Net, but when it comes to their mastery of social engineering and manipulation, sometimes you just have to stand back in admiration.
One of the most popular and effective techniques for stopping spammers from, say, automating the creation of new, bogus e-mail accounts is the use of CAPTCHAs — a step in the sign-up process that presents a picture of a word distorted in such a way that a human can read it and enter the information correctly, but a machine can’t. From the spammer’s standpoint, what you really need to get around this is a bunch of human volunteers to decipher the CAPTCHAs and send back the results. But how do you persuade people to do your evil bidding for free? Why, you just tap a primitive urge wired into the male brain — the caveman voice that says, “Must … see … naked … women.”
A couple of security outfits have now found evidence of the technique in the form of a virtual striptease “game” that is activated when Windows IE is run on an infected machine. The program presents a partial picture of “Melissa,” who invites you to see more by deciphering a CAPTCHA. Answer correctly and you get a peek at another piece of Melissa and a new CAPTCHA to solve, and so forth.
31 Oct 2007