New attack breaks CAPTCHA, creates bogus Gmail accounts

Written by Dan Blacharski on April 27, 2009

This week, a Vietnamese security company reported the discovery of a new worm, named W32.Gaptcha.Worm, which breaks Google’s CAPTCHA and then automatically creates multiple random Gmail accounts that are used for distributing spam.

The attack sends the new Gmail accounts out to hackers, who use them until Gmail blocks the IP address of the infected machine. According to the report, if your computer becomes infected, you will see Internet Explorer launch itself, and then the Gmail account registration process takes place, with the worm automatically filling in random names and numbers to manufacture a bogus user. The worm is able to circumvent Google’s CAPTCHA system by sending the CAPTCHA image to a remote server, where it is broken. Gmail will later block your computer, preventing you from signing up for any new legitimate Gmail accounts.

The blog entry that highlights the discovery doesn’t specify, however, just how the CAPTCHA is broken once it has been sent to the remote server. It is believed that some spammers actually use low-tech means, sometimes even employing low-cost laborers in third world countries to decode CAPTCHAs by the thousand, by hand.

The company discovered the worm in a honeypot trap.
