Trojan found breaking Yahoo CAPTCHA security in minutes

Researchers have discovered a malware engine that appears to be able to break the CAPTCHA security used by Yahoo’s webmail   service after only a handful of attempts.

There is nothing new in malware that tries to break CAPTCHA (Completely Automated Public Turing test to tell Computers and   Humans Apart) – a low-level war has been ongoing since this type of security was first implemented almost a decade ago – but   what matters is how quickly and invisibly this can de done.

Websense has posted an online video showing the effectiveness of the engine it found working as part of the Cridex banking Trojan malware in breaking down Yahoo’s   CAPTCHA process.

Cridex itself is a traditional if rather dangerous login harvester that targets online banks and social media sites from victim   PCs, uploading stolen data to a command and control server.

In that it resembles longer-established banking malware such as Zeus. But a key element of any malware is the way it tries   to spread itself to new victims and the Cridex systems discovered by Websense does that by using infected PCs as proxies to   create new webmail spamming accounts.  Read More

This entry was posted in News. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *