azurelunatic: Oblong coin with a beaded border. Image of building, inscription 'IEEE 20 cents'. (ieee coin)
Azure Jane Lunatic (Azz) 🌺 ([personal profile] azurelunatic) wrote in [site community profile] dw_antispam2010-08-24 12:46 am

Spam in the news: CAPTCHA issues: humans used to evade CAPTCHAs

The concept is not news to security professionals, but it is gaining a little more attention in the news due to a recent in-depth study done on exactly how this is accomplished.

Via Marginal Revolution:

How Spammers Use Low-cost Labor to Solve CAPTCHAS

... the inventors of CAPTCHAS probably didn't anticipate this: Hundreds, possibly thousands of laborers working for less than $50 a month to solve an endless stream of CAPTCHAS delivered to them by automated middlemen who sell the results to spammers in real time, so that their spam bots can use those solutions to post to forums and blogs as well as set up fraudulent email accounts, says a paper about to be delivered at the USENIX Security Symposium.

Clever analysis of the location of the workers involved in this scheme revealed that they are based in India, Russia, Southeast Asia and China. The system is so efficient at delivering CAPTCHAS to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds.


No system is perfect, but the antispam team is still dedicated to rejecting the spammers who do make their way in. The incidence of spammers who make it past CAPTCHAs is very low.