According to security vendor BitDefender, spammers have defeated a system designed to differentiate humans from machines when registering new accounts online. Known as Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart), the system won't allow users to advance until distorted characters in a box are correctly entered. BitDefender says a new threat, Trojan.Spammer.HotLan.A, is using more than 15,000 automatically generated bogus Microsoft Hotmail accounts to spread and is registering 500 new accounts per hour, suggesting the Captcha system has been defeated.
BitDefender says the Trojan horse accesses one of the free Web mail accounts from Microsoft or Yahoo, pulls encrypted content from a Web site, decrypts the message (usually spam for a pharmaceutical product), then sends the e-mails to presumably valid addresses obtained from another Web site. Exactly how the Trojan is able to create the bogus Web mail accounts is not documented.