
A nifty little program that Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go,” and “Melissa” reveals more of herself.
Screenshots below:


However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The strip-tease game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.
Interestingly enough, the CAPTCHAs in the example above were taken from the Yahoo! Web site, possible proof that someone may be building a huge base of Yahoo! accounts. For spam-related reasons perhaps? Although various methods of OCR (Optical Character Recognition) are already used to circumvent the CAPTCHA, this social engineering technique is new in that it uses people to unsuspectingly aid a malicious user.
The CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart, was born when bots started spreading over the Internet scene a few years ago. The system was aimed at preventing automated submissions/registrations of bots by prompting the user to validate himself as a human, usually requiring the user to input a sequence of alphanumeric characters contained in an image supposedly “unreadable” by a machine.
However, some people are really hooked on defeating the CAPTCHA, and they are literally asking for public help, in a rather discreet—and, um, provocative—manner.



October 29th, 2007 at 1:05 am
[...] on this at TrendMicro and Pandalabs. In Netzwelt [...]
October 30th, 2007 at 2:00 am
[...] must. So what could be more obvious than putting CAPTCHAs in front of an unsuspecting surfer and having him solve them? TrendMicro now reports on a new Trojan that exploits the fact that many men switch off their brains as soon as naked women [...]
October 30th, 2007 at 3:55 am
[...] CAPTCHA Wish Your Girlfriend Was Hot Like Me? (via Seth Godin) we can see a different approach altogether. Here the naughty hackers have decided [...]
October 30th, 2007 at 4:34 am
[...] file making the rounds doesn’t appear to directly threaten the PCs where it is launched. Trend Micro characterized the Melissa Strip program as a non-destructive Trojan they can detect with their [...]
October 30th, 2007 at 6:49 am
[...] writeup about a cute piece of malware that uses humans to answer CAPTCHAs in exchange for a striptease. Something about this I think is [...]
October 30th, 2007 at 9:26 am
[...] Micro has a complete description of the Melissa attack, including pictures of the model in various states of [...]
October 30th, 2007 at 7:43 pm
[...] to take off a little bit of her clothing,” said security researcher Roderick Ordonez on the Trend Micro blog. “However, for her to strut her stuff, users must identify the letters hidden within a [...]
October 30th, 2007 at 8:03 pm
[...] off a little bit of her clothing,” said security researcher Roderick Ordonez on the «blog.trendmicro.com». “However, for her to strut her stuff, users must identify the letters hidden within a [...]
October 31st, 2007 at 3:45 am
[...] The program presents a partial picture of “Melissa,” who invites you to see more by deciphering a CAPTCHA. Answer correctly and you get a peek at another piece of Melissa and a new CAPTCHA to solve, and so forth. Raimund Genes, chief technology officer at Trend Micro says the technique could gain some traction because “the average male e-mail user would want to see more.” But really … can the prospect of uncovering one pinup be so enticing as to warrant jumping through all those hoops? I mean, if you really want to see dirty pictures online, I’m told they’re not hard to find. Still, full marks to the malware community for creativity. Here’s how CAPTCHA’s work from here: [...]
October 31st, 2007 at 9:04 pm
[...] post from the Trend Labs Malware Blog with some rather revealing graphics, here. Let Others Know About This PostThese icons link to social bookmarking sites where readers can [...]
November 1st, 2007 at 9:16 am
[...] comes a story about a spam Trojan that entices users to play a simple game in order to disrobe a lady on-screen. As you’d expect, there are no shortage of takers out there. Except what players are actually [...]
November 1st, 2007 at 1:51 pm
[...] Source: TrendLabs blog [...]
November 1st, 2007 at 3:06 pm
[...] deciphered, it seems they are now ready to start spamming. You can find the story here and [...]
November 2nd, 2007 at 11:31 pm
[...] CAPTCHA Wish Your Girlfriend Was Hot Like Me? - TrendLabs | Malware Blog - by Trend Micro (tags: captcha internet funny malware security yahoo) Posted in Internet. [...]
November 4th, 2007 at 4:33 am
[...] CAPTCHA Wish Your Girlfriend Was Hot Like Me? | Via: Seth [...]
November 5th, 2007 at 5:21 am
[...] girls dancing and taking off their clothes? Well, yes, but that software was paid. So they created Melissa, a similar piece of software that gets installed on your machine like any other piece of malware, but [...]
November 11th, 2007 at 8:09 am
[...] Micro says that there’s a new Trojan called TROJ_CAPTCHAR.A which takes advantage of unsuspecting users to decode CAPTCHA images: TROJ_CAPTCHAR.A disguises [...]
November 11th, 2007 at 10:39 am
[...] the Trendmicro blog they discuss the hackers' latest idea for getting around CAPTCHAs. Nothing like a woman light on [...]
November 24th, 2007 at 12:55 am
[...] images above were hotlinked from Trend Micro (thanks guys!) who have issued a warning about this kind of social engineering [...]
December 1st, 2007 at 12:25 pm
[...] information here, here, here, [...]
December 7th, 2007 at 5:56 am
[...] Let's say this is the “sexiest” Trojan we have ever seen… the Trojan is called Melissa Strip, identified by Trend Micro as TROJ_CAPTCHAR.A and Trj/RompeCaptchas. [...]
December 8th, 2007 at 4:56 pm
[...] such a tempting Trojan before. The Trojan named Melissa Strip, identified as TROJ_CAPTCHAR.A by TrendMicro and Trj/RompeCaptchas.A by Panda, starts by asking the user if he wants to play a game where she [...]
December 10th, 2007 at 10:32 pm
[...] off a little bit of her clothing,” said security researcher Roderick Ordonez on the «blog.trendmicro.com». “However, for her to strut her stuff, users must identify the letters hidden within a [...]
December 14th, 2007 at 12:31 am
[...] More information: Trend Micro [...]
February 13th, 2008 at 4:19 pm
[...] to point out a matter from October 2007: A new way of social engineering (see also here and here) has CAPTCHAs (great acronym, btw) solved by humans. In a way, it also has something to do with [...]
April 29th, 2008 at 12:43 pm
[...] strangest of social engineering have been used by spammers to get around the test: from the “Melissa” virus, a window with a girl who performs a striptease for every CAPTCHA solved, to [...]
May 21st, 2008 at 7:54 pm
[...] Via: Trend Micro [...]
July 30th, 2008 at 8:51 pm
[...] CAPTCHA Wish your girlfriend was hot like me - blog entry at TrendMicro A new way of social engineering - blog entry at PandaLabs [...]