It is reported that MSN Windows Live mail registrations have been hit by spam bots as much as 30% to 35%. This is a serious security issue for Microsoft.
The bot acquires the CAPTCHA on the MSN server, takes it back to the spammers server and is read using spam servers technologies. After successful reading, the text match is sent back to MSN registration form and the registration is done successfully.
Vice President of Security Research, Dan Hubbard stated that this is the first time that we have seen bots like this. He also mentioned that some of the account creation scan is still murky and stated that the team is yet to find out what is happening in the spammers server. He also mentioned that spammers use these addresses for a day and then dispose them. These spamming addresses are quickly shut down by MSN and get listed in spam filtering products.
This huge success rate by spammer bots has started an debate if CAPTCHA is secure. This has lead to rethink CAPTCHA potential. It should also be noted that few months back a Russian programmer stated that he was able to crack Yahoo’s CAPTCHA system 35 percent of the time.