Websense reports that new bots are being used to automatically create new accounts at Microsoft's Windows Live service. The bots are then used to send untold amounts of spam.
Windows Live uses a captcha system to help thwart unwanted account creation. However, the captcha used by Microsoft isn't very complex, as seen in the sample below. The lack of complexity makes it easier for bots to crack the code using automated software. According to Websense, the bot captures the image and sends it to a server that attempts to crack it. The company also reported that based on their analysis the bot can crack 30 to 35 percent of the captchas.
Writing in its company blog, Websense indicated that "\[We believe\] that there are three main advantages to this approach for the spammers. First, the Microsoft domain is unlikely to be blacklisted. Second, they are free to sign up. And third, it may be hard to keep track of them as there are millions of users worldwide using the service."
The accounts created by the bots are currently being used to send spam that lures readers to sites that center around gambling, sex, and pharmaceuticals. However the accounts could easily become used for more nefarious purposes, such as phishing attacks, malware proliferation, and more.