Gmail Finally Succumbs to Spam Bots
/* Posted March 15th, 2008 at 8:06pm *//* Filed under Google */

Sick of the spam mail getting stuffed into your email inbox every day? Well, prepare to get more. Gmail has become the latest victim of captcha-breaking spam bots, Yahoo Mail and Hotmail having been broken a year ago. A captcha is that image of jumbled, random, hard-to-read text that you have to enter to prove your human-ness. If you have a Gmail account, you probably had to do it when you first created the account. Captcha was created to prevent spam bots from automatically registering “bogus” email accounts from which to send spam. It relies on the fact that only a human would be able to decipher the captcha image, which at least requires a spammer to be in front of the computer to create accounts. Now that the captcha has been broken, spam bots will be free to register Gmail accounts at will without human intervention.
The attack relies on a two-bot approach. The captcha image is grabbed and sent to the first spam bot, which attempts to guess the text. This single-bot style of attack was sufficient to break Hotmail, but did not work as successfully on Gmail because the image can vary even when the text is the same. That’s where the second bot comes in. The second “learner” bot learns from the first bot’s mistakes, slowly enhancing the captcha-breaking algorithm’s effectiveness, and also tries its hand at a different segmented strategy to break the captcha. Though only a 20% success rate has been noted, the fact of the matter is that the Gmail captcha is broken, and through the month of February, since the breakthrough, the amount of spam being sent through Gmail accounts has doubled. Gmail is an attractive target because it is free and because the Google domain is unlikely to be blacklisted.












