1. Field of the Invention
This invention pertains in general to computer security, and more specifically to techniques for detecting graphic password deciphering attacks on computers.
2. Description of the Related Art
Computer systems are continually threatened by a risk of attack from malicious software or “malware” that is designed to destroy or harm other software or networks. As used herein, “malicious software” or “malware” is any software developed for the purpose of doing harm to a computer system, including “malicious code” (e.g., viruses, worms, and Trojan horses) or any code that enters a computer without an authorized user's knowledge and/or without an authorized user's consent. A “malicious attack” is any attack on or harm caused to a computer system by malicious software, or any attempt to access restricted information (e.g., stealing valuable information, such as password-protected information, credit card numbers, etc.).
Malicious software can harm a computer in a number of ways, and in some cases it causes harm by mimicking the actions of a human. For example, malicious software can target web services that are enabled through a web form a human would typically fill out to gain access to the service. Companies offering free e-mail services (e.g., Yahoo® and Hotmail®) that can be signed up for and enabled simply through web forms are one target for such attacks. Specifically, malicious entities that wish to establish numerous anonymous e-mail accounts (e.g., perpetrators of e-mail fraud or companies sending masses of junk mail or spam) can deploy automated computer programs (e.g., bots) to create thousands of new e-mail accounts by filling out the web forms.
To manage this type of threat of attack, computer programs and services have attempted to establish techniques for distinguishing human interaction from computer programmatic interaction. One example includes presenting a graphic image of a word or other sequence of characters on a slightly noisy background (e.g., a cluttered or textured background), and then asking the user to type the displayed word or character sequence into a field. In some cases, the image has been distorted or modified in some manner. This technique is commonly referred to as “Completely Automated Public Turing Test to Tell Computers and Humans Apart” or “CAPTCHA.” This test applies the principle that it is programmatically difficult to sufficiently recognize the graphically displayed character sequence such that it can be programmatically entered into the corresponding field. In other words, this word or sequence of characters on a noisy background is presented to the user attempting to register for an e-mail account or other service, and the user is requested to read the word/character sequence and type it into a field before the web form can be successfully completed. Malware that automatically registers itself for numerous e-mail accounts has not in the past been able to easily recognize and enter the word or character sequence, thus making it difficult or impossible for the malware to complete the web form to sign up for an e-mail account.
Recently, however, there have been attempts to programmatically overcome the current CAPTCHA tests (e.g., there have been attempts at programmatically breaking the currently deployed CAPTCHA test at Yahoo®). These types of methods use standard techniques applied for solving object recognition problems. In other words, these methods include using techniques for comparing images of objects and for finding and tracking people in a video sequence. Finding the words or character sequences on the noisy background in a CAPTCHA test is equated with finding faces and body parts in an image and relating them to a human body (since images of people and objects are also often on noisy backgrounds). As these new methods for overcoming CAPTCHA tests become more readily available to attackers, the use of graphic password display as an assurance to the underlying software that it is interacting with a human user rather than another computer may no longer be as reliable.
Software security systems are also potential victims of attack by malware attempting to modify the security settings for a computer. Unless a user enables password protection when invoking the security software's settings, those settings are currently vulnerable to programmatic malware attempts to change (e.g., disable) important security settings for a computer. However, in some cases the default for the security software settings is not to require password protection on these important configuration settings. Standard password protection can introduce extra hassles for users and support issues for software providers, and these reasons largely justify the decision of some software vendors and users to set the default so that password entry is not required. One way to avoid the hassles of enabling password protection is to employ a CAPTCHA test, including a graphic password prompt, as described above. However, while standard CAPTCHA tests can be used as a means to fend off these attacks, the current methods for circumventing CAPTCHA tests make this a less viable option. Thus, software programs remain vulnerable to local graphic password deciphering attacks when password protection is not enabled, since the standard CAPTCHA test no longer offers a reliable mechanism for distinguishing human interaction from computer programmatic interaction.
Therefore, there is a need in the art for a mechanism for effectively using a graphic password test (e.g., a CAPTCHA test) while still providing the ability for detecting attempts by computer programs to decipher the password for a malicious attack. It would also be useful for security information purposes to have a technique that allows detection of different types of graphic password deciphering attacks (without necessarily completely blocking these attacks) to get samples and gather information about the various attack techniques (e.g., to obtain early warning of different types of attacks that may occur).