CAPTCHA Wish Your Girlfriend Was Hot Like Me?
October 27th, 2007 by Roderick Ordoñez (Technical Communications)

A nifty little program that Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go,” and “Melissa” reveals more of herself.
Screenshots below:


However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The strip-tease game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the image.
Interestingly enough, the CAPTCHAs in the example above were taken from the Yahoo! Web site, possible proof that someone may be building a huge base of Yahoo! accounts. For spam-related reasons, perhaps? Although various methods of OCR (Optical Character Recognition) are already used to circumvent the CAPTCHA, this social engineering technique is new in that it uses unsuspecting people to aid a malicious user.
The CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart, was born when bots started spreading over the Internet scene a few years ago. The system was aimed at preventing automated submissions and registrations by bots by prompting the user to validate himself as a human, usually requiring the user to input a sequence of alphanumeric characters contained in an image supposedly “unreadable” by a machine.
However, some people are really hooked on defeating the CAPTCHA, and they are literally asking for public help, in a rather discreet—and, um, provocative—manner.
