Spammers ramp up siege on Google's Blogger via bots

April 25, 2008 (IDG News Service) Spammers are using an automated method to create bogus pages on Google's Blogger service, again highlighting the diminishing effectiveness of a security system intended to stop mass account registrations, according to security vendor Websense.

The spammers are sending coded instructions to PCs in their botnets, or networks of computers that have been infected with malicious software, wrote Sumeet Prasad, a threat analyst, on Websense's blog.

Those sophisticated instructions tell PCs how to register a free account on Blogger. The spammers also figured out a way to solve the CAPTCHA (Completely Automated Public Turing test to Tell Computers and Humans Apart), the warped text that has to be deciphered in order to complete an account registration.

The compromised PC sends a request to an external host that tries to solve the CAPTCHA and then sends the answer back to the PC. Websense estimates the process has an 8% to 13% success rate.

It's unknown how exactly the CAPTCHA gets solved. It's been theorized that the process has been outsourced to real humans who get paid for every one deciphered. But researchers have successfully developed methods that enable computers to increase their success rate at solving the puzzles, indicating that hackers have also figured out how to do it.

Security vendors and researchers have seen a rapid rise in accounts used for spam on free e-mail services from Microsoft, Yahoo and Google, indicating current CAPTCHA technology has reached the end of its usefulness.

In this case, the Blogger pages created by the spammers are then used to promote the usual line of spammer goods. But many of those sites are rigged with JavaScript that redirects the browser to another spammy Web site.

"Spammers include these redirecting accounts in different spam campaigns rather than including their actual spam domains," Prasad wrote. "Spammers use this tactic to defeat a range of antispam services."

In effect, they're using Google's Blogger domain as a shield, as it's unlikely to be blocked by other security software products for being a suspicious domain.

One option for Google would be to prohibit those redirects, said Dan Hubbard, vice president of security research for Websense. But every additional security restriction has the potential to drive away users who may use the function for a legitimate purpose, he said.

For so-called Web 2.0 sites that depend on high numbers of users, that could create a backlash, causing users to leave, Hubbard said. The redirection feature could also be tied into the way how advertising is delivered to the blog pages.

Google could also figure out a better way to spot blogs that are being created through automated bots, since many of those pages have tell-tale signs indicating machines created them rather than people, Hubbard said. Those detection mechanisms are still developing, however.

Reprinted with permission from

IDG.net
Story copyright 2008 International Data Group. All rights reserved.