Heh. So let's make sure I understand this. Solving the CAPTCHA will give the victim the illusion of regaining control of their computer, yet it's the last step in creating a Facebook account? I'm actually a little impressed by this one.
I'm not entirely sure I understand this part though: "The bad guys have made it difficult for Facebook to cut them off, since active members are actually creating the new accounts, says Correll." What difference would the creating account's age have when making a new one? Sure, it has the benefit of originating from a relatively legitimate IP, but the age of the now compromised account seems arbitrary in this context.
Clicking on the link led to instructions to download a Flash Player update required to view the video. Clicking on the video player update downloaded a copy of the worm.
And this is why captcha's aren't that effective. They don't slow organized malicious hackers who can simply hire a third world worker to solve them for $1/hour, make a botnet make its victims do it like here, and so on. Meanwhile, many people are actually having trouble solving them.
Agreed, although I'd quibble about the use of "that" (effective). They do set the bar fairly high and therefore stop a lot of "casual" vandalism and spamming, at the very real cost you note.
I'm not entirely sure I understand this part though: "The bad guys have made it difficult for Facebook to cut them off, since active members are actually creating the new accounts, says Correll." What difference would the creating account's age have when making a new one? Sure, it has the benefit of originating from a relatively legitimate IP, but the age of the now compromised account seems arbitrary in this context.