Spammers are using the same method as the Amazon Mechanical Turk to defeat CAPTCHA (Completely Automatic Public Turing Test to Tell Computers and Humans Apart) solutions put in place by websites like Google or Yahoo, in a bid to send even more spam and malicious code.
Instead of coming up with applications to bypass CAPTCHA, spammers lure human beings into helping them identify those CAPTCHAs by rewarding them with a virtual stripper.
Trend Micro, the security firm behind the discovery, says that this is a new twist in the way spammers use human intelligence (or stupidity, depending on how you see it) to decipher CAPTCHA.
Paul Ferguson, a security expert for Trend Micro, told IDG news that "Work-at-home money mule schemes run by criminals have hired people to do this same thing".
TROJ_CAPTCHAR.A (Symantec calls it Captchar.a) is a disguised strip-tease game that hides a trojan horse that the user has to download and run on its computer.
It shows the picture of a partially nude, blonde bomb-shell that will take off her clothing one by one if CAPTCHAs are identified correctly.