No. 1 Story

Technology reinforces generation gap

If you believe that technology could be bridging the generation gap, think again. According to Deloitte’s first State of the Media report it’s as stark as ever.

read more

Related Articles

Google, Sites, sending, spam, CAPTCHA, gets, pwned
Anti-spam campaign Project Honey Pot has filed a law suit seeking more than $US1...
The US relayed considerably more spam than other nations, with just under a fifth...
Phishers wanting access to confidential usernames and passwords only needed to visit Google’s anti-phishing...
Despite tough anti-spam measures in the US, and recent lawsuits against a MySpace spammer,...
Patch Tuesday has come and gone with Microsoft dutifully patching three flaws, one of...

Google Sites sending spam as CAPTCHA gets pwned

Business IT - Security

According to the latest MessageLabs Intelligence Report, the Google Sites CAPTCHA spambot defences have been compromised by spammers...

The MessageLabs Intelligence Report for July 2008 reveals that spammers are looking towards Google Sites to spread their wares. This follows on from previous spam attacks directed at Google Docs, Google Pages and Google Calendar.

Researchers look at it as being just the latest in a continuing trend that targets Google's hosted applications in order to exploit the brand trust to distribute spam and malware. There are two reasons why Google Sites has been targeted, they say:

Firstly, it allows the novice to create a web page that comprises entirely of a string of random letters and numbers with relative ease. This results in a URL that is far more difficult to block than most when using bog-standard signature-based anti-spam tools.

Secondly, and a lot more worryingly so, is the indication that the 'Completely Automated Public Turing Test to Tell Computers and Humans Apart' or CAPTCHA entry validation system has been pwned.

"Google Sites is yet another way that spammers have programmatically defeated CAPTCHA mechanisms" Mark Sunner, Chief Security Analyst at MessageLabs insists "While Google Sites spam accounts for only 1 percent of all spam currently, we anticipate that this technique's popularity will rival that of its predecessors, Google Docs, Calendar and Pages spam. If this is the case, then we may see spam levels increase in the months ahead." 

Not the best of news, it has to be said. But then neither is the fact that the number of new malicious websites blocked each and every day in July increased by a whopping 91 percent from 2,076 compared to June. This takes the daily total up to a rather depressing average of 3,968 new sites.

So what is to blame? Other than the obvious dirty scumbag spammers answer, is the equally obvious SQL injection attacks one. "An emerging theme for threats this month seems to be new variations on old attack methods" Sunner told us.

Want to know which country is the most spammed in the world? Find out on page 2...

CONTINUES