FYI...

- http://www.websense.com/securitylabs/blog/....php?BlogID=171
Feb 6 2008 - "...Windows Live Mail accounts have been targeted in recent spammer tactics. In these recent attacks, spammers have managed to create bots that are capable of signing up and creating random Live Mail accounts that could be used for a wide range of subsequent attacks. Windows Live Mail is a part of the Microsoft Windows Live portfolio of services... Websense believes that there are three main advantages to this approach for the spammers. First, the Microsoft domain is unlikely to be blacklisted. Second, they are free to sign up. And third, it may be hard to keep track of them as there are millions of users worldwide using the service... First, the bot is observed to request the Live Mail registration page and it begins filling in the necessary form fields (as any ordinary user would be required to) with random data. When it comes to the CAPTCHA verification test, the bot sends the CAPTCHA image to its CAPTCHA breaking service for the text in the image... The spammers have now streamlined the process of mass-registering free email accounts for nefarious purposes... We note that on average, 1 in every 3 CAPTCHA breaking requests succeeds—setting the bot’s success rate at around 30-35%... Websense believes that these accounts could be used by the spammers at any time for a variety of social-engineering attacks in future. A wide range of attacks would be possible using the same account credentials in other significant and extended Live services offered by Microsoft Corporation, such as Live Messenger (instant messaging), Live Spaces (online storage), etc."

(Screenshots available at the URL above.)