The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Banking Trojan breaks captcha to spread bot

http://www.flickr.com/photos/factoryjoe/3493757725/

A banking Trojan now spreading over the internet is able to get past captcha security challenges to send out emails and propagate itself, according to security company Websense Labs.

The Cridex Trojan variant infects a Windows PC when a malicious link in an email is clicked, Websense said in a blog post on Monday. The shortened link goes to a malware webkit with several components, including a data-gathering tool and a propagation module that stealthily opens webmail accounts.

Once the accounts are set up, Cridex sends out malicious emails to try to compromise more computers. To do this, it uses captcha-cracking techniques more commonly associated with spammers, according to Websense. "According to our findings, captcha challenges in some cases can be broken with the help of a captcha-breaking server, which allows the bot to register a mail account or address after only a few attempts," the company said.