[personal profile] azurelunatic
The concept is not news to security professionals, but it is gaining a little more attention in the news due to a recent in-depth study done on exactly how this is accomplished.

Via Marginal Revolution:

How Spammers Use Low-cost Labor to Solve CAPTCHAS

... the inventors of CAPTCHAS probably didn't anticipate this: Hundreds, possibly thousands of laborers working for less than $50 a month to solve an endless stream of CAPTCHAS delivered to them by automated middlemen who sell the results to spammers in real time, so that their spam bots can use those solutions to post to forums and blogs as well as set up fraudulent email accounts, says a paper about to be delivered at the USENIX Security Symposium.

Clever analysis of the location of the workers involved in this scheme revealed that they are based in India, Russia, Southeast Asia and China. The system is so efficient at delivering CAPTCHAS to workers in these remote locales that the average time for delivery of a solution hovers around 20 seconds.


No system is perfect, but the antispam team is still dedicated to rejecting the spammers who do make their way in. The incidence of spammers who make it past CAPTCHAs is very low.
[personal profile] azurelunatic
FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content
A rogue Internet Service Provider that recruits, knowingly hosts, and actively participates in the distribution of spam, child pornography, and other harmful electronic content has been shut down by a district court judge at the request of the Federal Trade Commission. The ISP’s upstream providers and data centers have disconnected its servers from the Internet.

According to the FTC, the defendant, Pricewert LLC, which does business under a variety of names including 3FN and APS Telecom, actively recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content including child pornography, spyware, viruses, trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest. The FTC alleges that the defendant advertised its services in the darkest corners of the Internet, including a forum established to facilitate communication between criminals.

The complaint alleges that Pricewert actively shielded its criminal clientele by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection.

Thank you, US Federal Trade Commission!
[personal profile] azurelunatic
Found via Slashdot, the Washington Post has an article, The Scrap Value of a Hacked PC, which examines a number of malicious uses that your home computer can be put to if someone compromises it.

The malicious uses include being used as a zombie machine to spam websites (including comment spam to places such as Dreamwidth), and being used to solve CAPTCHAs.

So, while it's a very far outside chance that a virus on your computer personally could be leaving spam comments in your journal, keeping your computer and software updated, keeping a firewall between you and the internet (your router may already have one), keeping an antivirus program on your computer, and practicing safe browsing habits and avoiding phishing scams can help keep the internet a less-spammed place.

Snopes has useful information for telling good computer security advice from computer security myths.