Sign in to follow this  

Koobface Tries Captcha Breaking

Recommended Posts

Koobface Tries CAPTCHA Breaking

by Joey Costoya (Advanced Threats Researcher)

Early this week, we’ve encountered a new Koobface spam campaign which involved links that eventually led users to this Youtube copycat web page.

The scheme uses the old flash player trick (see Figure 1) where the user is told that they need to download the latest version of Adobe Flash Player to view a certain video. In this case, the Flash Player in the page is an actual Flash .SWF file, which will redirect users to a file named setup.exe detected by Trend Micro as TROJ_KOOBFACE.DU through the Smart Protection Network.

A short while after running setup.exe, Koobface fetches a picture file from a remote server which is actually a CAPTCHA image. The user is then presented with the Windows prompt as shown in Figure 2.

The panic-inducing screen displays the time before the system will shutdown as shown in Figure 3, while the image (blurred) in the middle is the downloaded CAPTCHA image. The above prompt is essentially telling the user that the system will shutdown in 2 minutes and 29 seconds unless they enter the CAPTCHA correctly!

After the user correctly solved the CAPTCHA image, Koobface promptly reports the solved CAPTCHA code to a remote server. This Koobface strategy creates a low-cost, distributed CAPTCHA breaking service. This time though, instead of using cheap labor, Koobface is now using the infected users themselves to break CAPTCHAs.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this