CAPTCHA shows weaknesses
Written by Dan Blacharski on February 19, 2009
Reports are floating around that Hotmail’s CAPTCHA system is showing some weaknesses. Of course, this isn’t new business, but reports over the last week may be cause for more concern.
The CAPTCHA test is designed to prevent automated programs from logging into a system. In the past, Microsoft has made changes to the system, but it can still be broken. Spammers use this to create multiple email accounts for the purpose of sending out spam emails. Using a free webmail account like Hotmail is very desirable for spammers, since it is untraceable, and it won’t be blocked by a spam filter because the Hotmail domain enjoys a good reputation.
The most recent attacks are much more sophisticated, and include anti-detection techniques to prevent the attackers from being found. According to an EWeek article, the latest attack injects instructions into a compromised machine. The instructions, which are encrypted, include sign-up instructions with predefined credentials and CAPTCHA-breaking instructions. The compromised machine communicates with a host, which receives the CAPTCHA request, breaks it, and then sends it back to the compromised machine to complete the signup.


