Oct 27 | 5:51 am (UTC-7) | by Roderick Ordoñez (Technical Communications)

A nifty little program that Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go,” and “Melissa” reveals more of herself.
Screenshots below:


However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The strip-tease game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.
Interestingly enough, the CAPTCHAs in the example above were taken from the Yahoo! Web site, possible proof that someone may be building a huge base of Yahoo! accounts. For spam-related reasons, perhaps? Although various methods of OCR (Optical Character Recognition) are already used to circumvent the CAPTCHA, this social engineering technique is new in that it uses people to unwittingly aid a malicious user.
The CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart, was born when bots started spreading over the Internet scene a few years ago. The system was aimed at preventing automated submissions/registrations of bots by prompting the user to validate himself as a human, usually requiring the user to input a sequence of alphanumeric characters contained in an image supposedly “unreadable” by a machine.
However, some people are really hooked on defeating the CAPTCHA, and they are literally asking for public help, in a rather discreet—and, um, provocative—manner.



