funsec mailing list archives

Re: striptease captcha malware


From: David M Chess <chess () us ibm com>
Date: Fri, 8 May 2009 10:45:27 -0400

striptease captcha malware: 
http://blog.trendmicro.com/captcha-wish-your-girlfriend-was-hot-like-me/

Funny.  :)   Not new, as everyone's pointed out, but still funny!  And 
clever.  I've also heard (unverifiably) of web sites that offer access to 
dirty pictures in exchange for CAPTCHA decoding; similar concept.

This line from the weblog entry is questionable:

However, the "answers" are then sent to a remote server, where a 
malicious user eagerly awaits them.

It's presumably an automated account-creation program, not a human user 
(as this sentence says, and the picture at the top shows) who is awaiting 
the results.  If it was "a malicious user" sitting in front of a keyboard, 
he could decode the CAPTCHA himself.

The general concept is pretty brilliant: if a problem is too hard for an 
automated program to solve, outsource it to humans!  :)

DC
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
