By Joel Hruska
October 02, 2008 - 01:47PM CT

The decline in CAPTCHA efficacy has been an ongoing story in 2008, as hackers and malware authors have steadily found ways to chip away at the protection these security practices were once thought to offer.

Now, new findings indicate that both Gmail and Windows Live Hotmail have been compromised again, this time via a more-streamlined attack process. With two of the largest webmail providers once again vulnerable, CAPTCHAs clearly aren't meeting the security needs of either company, and it may be time to reevaluate the use of them altogether.

Gmail defeated - The latest bad news for Google comes courtesy of the malware team in charge of the XRumer project. XRumer is a blogspam tool that's particularly good at what it does, and is capable of fooling multiple CAPTCHA systems. Once it successfully registers, XRumer may take steps to avoid human detection by first posting an innocuous question regarding a specific product or service.

The point of all the subterfuge is to boost the Google page rank of a site by bombarding multiple forums with product/service mentions and discussions. Users that can be tricked into posting their own links (perhaps in an attempt to demonstrate where a product may be found) only help the program perform its primary function.