Hacked CAPTCHA may lead to spam surge
Email, Risk Management May 7th, 2008

There have been reports over the last few weeks that CAPTCHA, the popular tool used by many websites to thwart spammers, is being attacked. CAPTCHA is the hard-to-read squiggly text that users are asked to decipher in an effort to tell real human users apart from automated bots. Free email services such as Gmail, Yahoo or Live Mail all use some form of CAPTCHA to prevent spammers from using automated scripts to create large numbers of user accounts that are then used to send spam.
Websense Security Labs reported the first indications that CAPTCHA might be in trouble when researchers noticed unusually fast response times, of less than 6 seconds, to the CAPTCHA challenge. Check out this blog post for a detailed description of how these attacks work.
Spammers are highly motivated to get their hands on free email accounts for the following reasons:
- Public mail services such as Live Mail, Gmail or Yahoo! Mail cannot be blacklisted.
- Sending email through those services is free.
- It is hard to track spammers’ criminal activity in the vast volume of other legitimate mail traffic.
The latest attack on CAPTCHA is nothing new. In the past, spammers tricked unsuspecting users into doing their dirty work by redirecting CAPTCHA challenges from legitimate sites to bogus game sites where players filled out CAPTCHAs to win prizes.
Let’s just hope that CAPTCHA can be improved fast enough to prevent a likely surge of spam.
