

Facebook users unwittingly solve CATPCHAs, aid spread of Koobface - dc2k08
http://lastwatchdog.com/facebook-users-unwittingly-solve-catpchas-aid-spread/

======
bithaze
Heh. So let's make sure I understand this. Solving the CAPTCHA will give the
victim the illusion of regaining control of their computer, yet it's the last
step in creating a Facebook account? I'm actually a little impressed by this
one.

I'm not entirely sure I understand this part though: "The bad guys have made
it difficult for Facebook to cut them off, since active members are actually
creating the new accounts, says Correll." What difference would the creating
account's age have when making a new one? Sure, it has the benefit of
originating from a relatively legitimate IP, but the age of the now
compromised account seems arbitrary in this context.

------
Tichy
"Attempts to play the video turns over control of the PC to the attacker"

How?

~~~
JBiserkov
Clicking on the link led to instructions to download a Flash Player update
required to view the video. Clicking on the video player update downloaded a
copy of the worm.

------
selven
And this is why captcha's aren't that effective. They don't slow organized
malicious hackers who can simply hire a third world worker to solve them for
$1/hour, make a botnet make its victims do it like here, and so on. Meanwhile,
many people are actually having trouble solving them.

~~~
hga
Agreed, although I'd quibble about the use of "that" (effective). They do set
the bar fairly high and therefore stop a lot of "casual" vandalism and
spamming, at the very real cost you note.

