Banking Trojan breaks captcha to spread bot

A banking Trojan now spreading over the internet is able to get past captcha security challenges to send out emails and propagate itself, according to security company Websense Labs.

The Cridex Trojan variant infects a Windows PC when a malicious link in an email is clicked, Websense said in a blog post on Monday. The shortened link goes to a malware webkit with several components, including a data-gathering tool and a propagation module that stealthily opens webmail accounts.

Once the accounts are set up, Cridex sends out malicious emails to try to compromise more computers. To do this, it uses captcha-cracking techniques more commonly associated with spammers, according to Websense. "According to our findings, captcha challenges in some cases can be broken with the help of a captcha-breaking server, which allows the bot to register a mail account or address after only a few attempts," the company said.