CAPTCHAs are images that contain words that a user must recognize during the process of account registration in many web services. Machines are unable to read these words easily, so a CAPTCHA is used to make sure that whoever is filling the form is in fact human.
Today I found an e-mail that pointed the user to a website where he was supposed to see pictures “someone” had sent to him. There are no pictures, as you might have guessed: it’s just an attempt to trick the user into installing a trojan horse.
After clicking the malicious link, you land in an innocent-looking page. Following a link in said page gets you in a page that has a CAPTCHA-like image. It is not a true CAPTCHA as the image (and the word written in it) never changes, but the page will not let you download the trojan horse if you don’t recognize the word (”lemonade” in Portuguese) correctly; it will show an error message if you don’t type the word as it is shown.
Thus, to successfully install this trojan, you need to:
- Read an e-mail message
- Click a link within it
- Click yet another link
- Type “limonada” with 8 keystrokes
- Click “OK” and run the virus
From another point of view, this attack makes the whole download process look more legitimate. Only attackers however will know whether users fell for it or not.