// Place side add here
Latest News
Useful Softwares
AntiVirus and Security Tips

Trojan that breaks CAPTCHA automatically

A new banking Trojan variant can bypass CAPTCHA, as demonstrated by a video posted today by security firm Websense on their Security Labs blog.
Once downloaded to the machine, Cridex, a data-stealing Trojan, will track content from various web forms. Cridex also downloads a ‘spamming module’ to the infected machine that enables the botmaster to send malicious e-mails to boost infection rates. This module, as shown in the video, utilizes a CAPTCHA-breaking server that helps the botmaster circumvent any CAPTCHA after a few tries, allowing the attacker to create a new Yahoo e-mail account.
The CAPTCHA attempts are sourced from a series of challenge images (embedded in HTTP) that have been gathered from the e-mail registration form and uploaded to the remote CAPTCHA-breaking server.
For more on the methods used by Cridex and the exact steps of the CAPTCHA-breaking process, head to Websense.


Bookmark and Share

0 comments for this post

Leave a reply

TechByte4U on FaceBook
Videos on Tech Byte 4 U