More on Veronica and Fake Flirting

Courtesy of ABC Australia IT guru Paul Wallbank, the source of my chat with Veronica Sexy may have been discovered: an automated sex talk service called CyberLover.ru. Paul points to this story from Conor Sweeney of Moscow’s Reuters bureau:

A Russian website called CyberLover.ru is advertising a software tool that, it says, can simulate flirtatious chatroom exchanges. It boasts that it can chat up as many as 10 women at the same time and persuade them to hand over phone numbers.

The service, on the surface, appears aimed at guys who aren’t able to win over girls online any other way: “It’s happened – a program to tempt girls over the internet!” Reuters quotes the site as claiming. “Within half an hour the CyberLover program will introduce you to … girls, exchange photos and perhaps even a contact phone number,” it states. Woohoo. 

But is that all it does? Antivirus and software developer PC Tools says it’s much more dangerous than that. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” a company press release quotes Sergei Shevchenko, Senior Malware Analyst, as saying. “It employs highly intelligent and customized dialogue to target users of social networking systems.” The goal, Sergei says: to gather personal information about users and also to lure them to websites, possibly to infect them with malware (a generic terms for software that infects their computer which can then be used as what is called a bot to grab data, infect other computers or send spam.) That doesn’t sound like the Veronica I know. 

The website itself denies this, according to the Reuters report. “The program can find no more information than the user is prepared to provide,” one of the site’s employees, who gave his name only as Alexander, said in an emailed reply to Reuters questions. “It maintains a dialogue with a person, but is not engaged in hacking or any other such schemes, I think this should be obvious,” he said.

Well, there’s hacking, and there’s other stuff that comes close to it. The company or individual behind this product appears to be the same as that which runs Botmaster.Net, both of which are registered to one Alexander Ryabchenko. Botmaster sells a $450 piece of software called Xrumer, which spams websites, forums and blogs to build up a website’s profile on search engines (it claims to get past CAPTCHA screens, where users are asked to identify letters in images.) Given the name of the website is botmaster you can’t help wondering what else it does. 

So was Veronica Sexy an early prototype of of CyberLover? Well, they’re both run by Russians, but beyond that it’s not clear. I hope to find out more. What is clear, though is that SkyperSex, the website Veronica was trying to lure me to, is an affiliate of Streamray, a sex website that is one of several just bought by Penthouse Media as part of its purchase of Various Inc (for $500 million). It should make for an interesting bit of research. 

Oh, and if you’re looking for automated online chat that’s a bit more real, check out My CyberTwin.

Russian computer program fakes chatroom flirting – Yahoo! News

Strip CAPTCHA Spam

TROJ_CAPTCHAR.A screenshot

Whatever useful stuff the good guys come up with, the bad guys ain’t far behind. A few months back I wrote about researchers at Carnegie Mellon coming up with a way to use CAPTCHA tools to help decipher words in text by the Internet Archive. The basic idea is that the effort to prevent spammers and others automating their intrusion into websites (signing up for stuff, comment spam etc) should not be wasted.

Now a sleazeball has found a way to do the same thing: get folk to decipher CAPTCHA texts through a small program, delivered by Trojan, that offers striptease in exchange for guessing the texts correctly (Trend Micro, via via Seth Godin):

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The “strip-tease” game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.

As Trend Micro points out, the CAPTCHAs in this case are from Yahoo! Web site, suggesting that a spammer is building up Yahoo! accounts.

CAPTCHA Wish Your Girlfriend Was Hot Like Me? – TrendLabs | Malware Blog – by Trend Micro

Technorati Tags: , , ,

CAPTCHA Gets Useful

Captcha1

An excellent example of something that leverages a tool that already exists and makes it useful — CAPTCHA forms. AP writes from Pittsburgh:

Researchers estimate that about 60 million of those nonsensical jumbles are solved everyday around the world, taking an average of about 10 seconds each to decipher and type in.

Instead of wasting time typing in random letters and numbers, Carnegie Mellon researchers have come up with a way for people to type in snippets of books to put their time to good use, confirm they are not machines and help speed up the process of getting searchable texts online.

”Humanity is wasting 150,000 hours every day on these,” said Luis von Ahn, an assistant professor of computer science at Carnegie Mellon. He helped develop the CAPTCHAs about seven years ago. ”Is there any way in which we can use this human time for something good for humanity, do 10 seconds of useful work for humanity?”

The project, reCAPTCHA, is using people’s deciphering to go through those books being digitized by the Internet Archive that can’t be converted using ordinary OCR, where the results come out like this:

Captcha2

Those words are sent to CAPTCHAs and then the results fed back into the scanning engine. Here’s the neat bit, though, as explained on the website:

But if a computer can’t read such a CAPTCHA, how does the system know the correct answer to the puzzle? Here’s how: Each new word that cannot be read correctly by OCR is given to a user in conjunction with another word for which the answer is already known. The user is then asked to read both words. If they solve the one for which the answer is known, the system assumes their answer is correct for the new one. The system then gives the new image to a number of other people to determine, with higher confidence, whether the original answer was correct.

Which I think is kind of neat: the only problems might occur if people know this and mess the system by getting one right and the other wrong. But how do they know which one?