Respect for Life is normally delayed by people because we are so busy just surviving or are in the habit of relaxing or enjoying hobbies or traveling and the like. With the population, expenses and pollution continuing to rise with no end in site, humanity is in clear danger of messing up the opportunity we have inherited.
Part 2: Observe the injection of instructions with spammers’ credentials in progress.
Part 3: Observe the CAPTCHA breaking instructions injected on to victims’ machine.
Part 4: Observe the Post-Anti CAPTCHA instructions injected.
Part 5: Observe the spammer instructions performing validation of entire process.
Stage 2: Bot infected or victims’ machine performing tasks as per pre-defined instructions (as in Stage 1), in action.
Part 1: Observe the process initiated on the bot infected or victims’ machine, progressing on to Google’s blogger.com for account signup.
Part 2: Observe the bot progressing on to Google’s Blogger signup page.
Part 3: Observe the bot infected or victims’ machine sending the CAPTCHA code request to CAPTCHA breaking host.
Part 4: Observe the CAPTCHA code (replied) sent from CAPTCHA breaking host to victims’ machine for account creation.
Part 5: Observe that created account credentials are used for a successful login, and are ready for blogging.
Part 6: Observe the blog created and published.
Part 7: Entire process in action.
Spammers finally have success advertising their product at this level. Observe the java script that redirects account to spam domain.
Observations:
Stage 1:
1. Predefined instructions injected on to victim’s machine are used as templates, with varying account credentials and spam domain redirecting script.
2. Spammers are trying to improve the Anti-CAPTCHA techniques. To assist this process they perform validation checks and reports are sent to their email addresses. Observe figure 1.5 in Stage 1.
Stage 2:
1. One in every 8 to 12 attempts is successful in signing up and creation of accounts. Hence the success rate ranges between 8% to 13%.
2. In the current attack, the response time of CAPTCHA breaking host after grabbing a CAPTCHA image from a victims’ machine, analyzing it, and responding back to victims’ machine with corresponding CAPTCHA code is approximately 35 to 36 seconds.
Websense believes that these accounts could be used by the spammers at any time for a variety of social-engineering attacks, a trend that has been increasingly common with various popular Web 2.0 sites. An illustration of this spammer tactic where in Google services increasingly used in SPAM runs, was reported by Websense, in the recent past in one of the security blogs.
Security Researcher: Sumeet Prasad