Spam nightmare looms as CAPTCHA is defeated

CAPTCHAs appear as distorted text, like this example from the Facebook signup page

If you've ever been driven to the brink of violence by floods of spam emails - and who hasn't, these days? - you'll doubtless be ready to go offline forever when you hear of the breakthrough spammers have made in defeating measures designed to thwart their evil trade.

The CAPTCHA technique that many websites use to distinguish between humans and spam-generating programs has apparently been defeated by hackers, meaning the tide of spam can only get worse.

Distorted reality

CAPTCHAs work by showing distorted text that only a human could read and asking for it to be input to prove that someone really is trying to sign up for a service, leave comments on a website or create an email account. Or so we thought.

News from Russia, a notorious hotbed of hackers, suggests that software now exists that can read the CAPTCHA image and pass the test 35 per cent of the time. So far, it has been proven only in creating new Yahoo Mail accounts, which could be used to send any amount of junk quickly.

Bots don't give up

While 35 per cent might not seem like much, bear in mind that machines making an automated attack typically try hundreds of thousands of times - that most of those attempts fail matters not a jot to them, of course.

Naturally, Yahoo is looking for ways to stay ahead of the spam barons - a company spokesman explained: "We are aware of attempts being made toward automated solutions for CAPTCHA images and continue to work on improvements as well as other defenses."

Oh, and in case you're wondering about current spam levels even before this latest problem, we're told that last year saw 20 spam emails sent every day for every single person on Earth.