The McAfee Computer Security Research blog has an interesting article on how malicious web sites can defeat the “captcha” codes that appear on many sites. The “Completely Automated Public Turing test to tell Computers and Humans Apart” or CAPTCHA are the challenge-response mechanisms that display distorted text or numbers that can be read by humans but not by an automated script.
The article describes how a malicious website can display the captcha code from an authentic website, and by offering some incentive to visitors of the malicious site, can get the visitors to defeat the captcha code of the authentic web site. This technique has also recently be utilised by the Captchar trojan.
Reported by Windows IT Pro Magazine.
