TROJ_CAPTCHAR.A - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_CAPTCHAR.A

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: Captchar (McAfee), Trojan.Captchar.A (Symantec), TR/Agent.brb.1 (Avira), Troj/CAPTCHA-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Low
Distribution potential:		Low

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_CAPTCHAR.A Behavior Diagram

Malware Overview

This Trojan may arrive as a file downloaded by other malware.

This Trojan's purpose is to bypass the CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by certain Web sites to prevent the automated creation of email addresses or the entering of bots to a chat room.

It does the said routine by enticing the user to input the correct sequence for a given CAPTCHA. It poses as a strip tease game to catch the attention of a user. The user should then enter the correct CAPTCHA code to progress with the strip tease.

If the user enters the correct code for the given CAPTCHA, it displays a new CAPTCHA with a different message. It then sends the correct code to a remote server. This routine enables a remote malicious user to acquire and match the correct code for a given CAPTCHA.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 26, 2007 5:41:21 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.