Melissa is a CAPTCHA cracker!

Spammers never stop amazing me. Their latest scheme to sell viagra (and others products): a Trojan Horse. But not an ordinary trojan horse, it is actually a very clever one that motivates its victims to decipher CAPTCHAs (Completely Automatic Public Turing Test to Tell Computers and Humans Apart) by displaying a model named Melissa, who will take articles of clothing off every time a CAPTCHA is typed in correctly. The deciphered CAPTCHA text is sent to a server in Israel, which in return sends back a picture of Melissa with less clothes.

The captchas come from the new account creation page for Yahoo! Mail, which will probably used to send tons of spam out, allowing them to have many Yahoo email accounts at their disposal.

From ComputerWorld:

The CAPTCHAs that Melissa feeds to users are, in fact, legitimate codes snatched from Yahoo Mail’s signup screens, said analysts at Trend Micro Inc. The hackers, frustrated at their inability to come up with a way to automate account registration, are getting users to do their dirty work.

The best part of this story is when the wrong text for a captcha has been entered, Melissa responds with

“Hmmm, nope, the word you entered is incorrect honey! Lets [sic] try again?” the virtual stripper replies.

More about the trojan:

Trend Micro said the striptease was part of a Trojan horse called CAPTCHA.a; rival Symantec dubbed it Captchar.a instead. The Trojan horse may be part of a multistage attack, downloaded to a PC that’s been compromised by other, more malicious code, or can be encountered as a drive-by Web-based exploit.

So, if you find yourself trying to read squigly letters to try to get a hot chick to get her clothes on, YOU are now a spammer.

[source: ComputerWorld via LiquidMatrix]