By deciphering the text, victims get to see more explicit images

Spammers have created a Windows game which shows a woman in a state of undress when people correctly type in text shown in an accompanying image.

The scrambled text images come from sites which use them to stop computers automatically signing up for accounts that can be put to illegal use.

By getting people to type in the text the spammers can take over the accounts and use them to send junk mail.

Text chat

The scrambled text systems used to defeat automatic sign-ups are known as Captchas or "Completely Automated Public Turing test to tell Computers and Humans Apart".

Typically they feature a disfigured word or one overlaid with artefacts that make it difficult for anyone but a human to decipher.

Many computer criminals have been trying to crack these systems to get at the net-based resources, such as e-mail accounts or blogging tools, they are designed to protect.

"The free e-mail services, so far, have been extremely successful at using Captchas to recognise a human being or an automatic program," said Raimund Genes, chief technology officer at Trend Micro.

The Windows game uses humans to crack anti-spam security

The novel system for getting round Captchas uses images of a woman called "melissa" who invites victims to decipher the scrambled text. Entering the correct text produces another image and another chunk of scrambled text.

Mr Genes said the Captchas seen with the first versions of the malicious program are all taken from the sign-up system for Yahoo webmail.

In the past many viruses have tricked people into opening booby-trapped attachments with the false promise of seeing explicit images, said Mr Genes, but this was one of the first to actually show people more images if people respond.

Because of the effectiveness of this technology, we have begun to see scammers adapt their tactics

Yahoo

Mr Genes said the program could prove because "the average male e-mail user would want to see more".

So far the two security firms who have spotted the program, Trend Micro and Panda Security, have not seen many copies of it in the wild suggesting few people have been caught out.

Mr Genes said it was very likely a proof of concept program that might find wide use in the future.

"Maybe they are trying it out to slip under the radar," he said. "More and more malware does not want to get any publicity, it wants to be silent and hidden."

The virtual stripper program arrives on machines that are already infected with malicious software, said Mr Genes. The program comes to life when the Internet Explorer browser is used on infected machines.

The Captcha-busting program can run on Windows 98, ME, NT, 2000, XP, and Server 2003.

Mr Genes recommended that people run anti-virus, anti-spyware and web watching programs to avoid infection and to install updates as soon as they become available.

A Yahoo spokesperson said: "Yahoo began deploying Captcha more than six years ago to help combat the ability for malicious programs to send spam.

"Because of the effectiveness of this technology, we have begun to see scammers adapt their tactics, where human beings solve the puzzles the viruses cannot."

The company added: "Yahoo is continuing to innovate in our defenses against this type of abuse. We have a number of mechanisms to help us detect and respond to abuse."