Totally Unsexy PC Stripper Packs Spam Payload
CYBERSPACE — It pays to play safe and use protection, whether it’s in the flesh world of sexual contacts or the virtual world of passwords and usernames. Most of the time things go fine, sometimes bugs slip through – and sometimes people just do stupid shit. What could be more tempting than a free emailed game featuring a sexy chick willing to take off her clothing in exchange for a correct answer? Just as some men get more than they bargained for in the real world, so are an increasing number of Captcha-enslaved virtual stripper players finding that when “Melissa’s” clothes came off, so did their email security.
A Captcha (“Completely Automated Public Turing Test to tell Computers and Humans Apart”) image is one that presents scrambled letters and/or numbers amidst a visually noisy field and then requires that the end user replicate the sequence before gaining entrance to protected material.
Many anti-spam programs, blogs, and free email services use them to separate the online wheat from the chaff. Raimund Genes, chief technology officer at Trend Micro, observes that although code crackers have been doing their best to foil the screening technique, “The free email services, so far, have been extremely successful at using Captchas to recognize a human being or an automatic program.”
Unfortunately for the Yahoo email system, technologically envious crackers are getting more clever in their never-ending attempts to emulate the company’s tactics – and they know what ‘net geeks like.
Slutting her way through the Yahoo webmail sign-up system is “Melissa,” the Captcha program that lures email addresses away from the unwary by urging them to work their way through a series of scrambled and distorted text boxes, typing the alphanumeric sequences correctly for greater access to her barely there’s and beyond.
Fortunately for the world’s email systems, there do not appear to be many copies of “Melissa” successfully accomplishing their goals, according to Trend Micro and Panda Security, two firms that have come across the security-breaking game.
According to the BBC, Genes believes that “Melissa” is a proof-of-concept program just stretching its legs. “Maybe they are trying it out to slip under the radar,” he suggests. “More and more malware does not want to get any publicity; it wants to be silent and hidden.”
A Yahoo representative indicated that the company is aware that its security system is constantly under observation and study by malicious crackers and that “Yahoo is continuing to innovate in our defenses against this type of abuse. We have a number of mechanisms to help us detect and respond to abuse.”
“Melissa” runs on already malware-ridden machines running Windows 98, ME, NT, 2000, XP, and Server 2003 and becomes active when Microsoft’s Internet Explorer browser is launched. The usual advice about installing and running anti-spyware, anti-virus, and anti-web watching programs continues to be applicable, as does the recommendation that computer users install security updates promptly.