The newly created accounts are used to send malicious spam emails

Jan 30, 2012 12:39 GMT

There has been a lot of debate lately about how difficult it is to build software that automatically breaks CAPTCHA security codes, with some researchers even issuing advisories on how to create strong CAPTCHAs.

However, security experts have found that a component of the ZeuS-like Cridex Trojan is able to defeat these tests in order to create email accounts.

Websense researchers came across a variant of Cridex, a banking Trojan, that not only infects computers in order to steal sensitive data from their owners, but also manages to create Yahoo! email accounts for spamming others.

This particular version of the malware spreads via emails containing a shortened link that points to the Blackhole exploit kit. If the exploit succeeds, the Trojan is downloaded onto the infected machine.

Cridex then looks for sensitive information that later allows cybercriminals to access social media and banking accounts, and sends all of the acquired data back to a command and control server.

The malware also comes with a spamming module that uses backdoor components, allowing it to perform browsing activities. With these capabilities, the Trojan creates email accounts that are used to send malicious emails aimed at growing the botnet.

Normally, if CAPTCHAs were strong, automated tools would have a hard time creating accounts, but the experts showed that within just six attempts this malicious component breaks the test and creates a Yahoo email account without much difficulty.

It does this by harvesting the image that represents the CAPTCHA and sending it in an HTTP POST request to a CAPTCHA-breaking server, which returns its answer in JSON format.

As we know, if the string entered by a user while creating an account is incorrect, they are allowed to try again numerous times until they succeed. That is exactly what this component exploits.

It keeps sending the images representing the codes to the server until an attempt succeeds, and even though it does not work every time, on some occasions it works perfectly.
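The weakness the article describes is the unlimited retry: a sign-up form that lets a client guess the CAPTCHA again and again only needs a solver that is right some of the time. A defender-side countermeasure is to count failed CAPTCHA answers per client during sign-up and stop serving new challenges once a small budget is exhausted. The following is an added example (not code from the article, from Websense, or from Yahoo!); the `CaptchaGate` class, the thresholds and the sample attempt log are all constructed for illustration.

```python
"""Server-side retry limiter for CAPTCHA-protected account sign-up (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample of sign-up attempts as (client_id, result) pairs.
# "fail" = wrong CAPTCHA string submitted, "pass" = correct string.
# Client 10.0.0.5 mimics the automated behaviour described in the article:
# repeated wrong answers until one finally succeeds on the sixth try.
SAMPLE_ATTEMPTS = [
    ("10.0.0.5", "fail"), ("10.0.0.5", "fail"), ("10.0.0.5", "fail"),
    ("10.0.0.5", "fail"), ("10.0.0.5", "fail"), ("10.0.0.5", "pass"),
    ("10.0.0.7", "fail"), ("10.0.0.7", "pass"),   # one honest typo, then success
    ("10.0.0.9", "pass"),                         # correct first time
]


@dataclass
class CaptchaGate:
    """Tracks wrong CAPTCHA answers per client and locks clients that exceed a budget.

    The budget is deliberately small (hypothetical default of 3): a human who
    misreads a CAPTCHA rarely needs more than a couple of retries, while an
    automated solver relies on being allowed many guesses.
    """
    max_failures: int = 3
    failures: dict = field(default_factory=lambda: defaultdict(int))
    locked: set = field(default_factory=set)

    def attempt(self, client_id: str, correct: bool) -> str:
        """Record one CAPTCHA answer and return the gate's decision.

        Returns "locked" if the client is (or becomes) locked out,
        "accepted" on a correct answer, or "retry" on a wrong answer
        that is still within budget.
        """
        if client_id in self.locked:
            return "locked"
        if correct:
            # A correct answer clears the counter so a later genuine typo is tolerated.
            self.failures.pop(client_id, None)
            return "accepted"
        self.failures[client_id] += 1
        if self.failures[client_id] >= self.max_failures:
            # Stop issuing new challenges; the real service would also require
            # a cool-down or a stronger secondary check before allowing more tries.
            self.locked.add(client_id)
            return "locked"
        return "retry"


def replay(attempts, max_failures: int = 3):
    """Run an attempt log through a fresh gate; returns (decisions, gate)."""
    gate = CaptchaGate(max_failures=max_failures)
    decisions = [(client, gate.attempt(client, result == "pass"))
                 for client, result in attempts]
    return decisions, gate


def locked_clients(attempts, max_failures: int = 3) -> list:
    """Return the sorted list of clients the gate locked out for the given log."""
    _, gate = replay(attempts, max_failures)
    return sorted(gate.locked)


if __name__ == "__main__":
    for client, decision in replay(SAMPLE_ATTEMPTS)[0]:
        print(f"{client:10} {decision}")
    print("locked:", locked_clients(SAMPLE_ATTEMPTS))
```

With the constructed log, the client that needs six guesses is locked after its third wrong answer and its eventually correct sixth submission is refused, while the two clients that behave like people are accepted. The lock decision should be tied to a session or account-creation token as well as to the source address, since a botnet spreads its attempts across many infected machines.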

Check out the proof of concept video presented by Websense.