With new automated tools to help them, spammers are getting better at cracking CAPTCHA -- a program that protects Web sites by generating and grading tests that humans can pass but computers cannot, according to the MessageLabs Intelligence Report today.

One breach has resulted in fake blogs on Google's Blogger division, which may contain malicious code.

CAPTCHA -- short for "Completely Automated Public Turing test to tell Computers and Humans Apart" -- is used by many Web sites, including Google (NASDAQ: GOOG) and the Facebook social networking site, to protect their users.

By requiring visitors to enter distorted text into a Web form, it creates a bottleneck to mass mailings, thus making spamming unprofitable for cybercriminals.

Now that they can crack CAPTCHA easily, spammers can get mass responses to their spam. They are posting blogs on Google Blogger that redirect victims to their own sites, and using fake Apple (NASDAQ: AAPL) MobileMe accounts to send spam, according to MessageLabs, which provides messaging and Web security services.

Meanwhile, Khaty Shah, Apple's MobileMe spokesperson, told InternetNews.com by e-mail that phishing is a problem for many service providers. Users can go to protect themselves from phishing, Shah said.

At press time, a Google spokesperson said it was looking into the matter. "We expect spammers to use every means possible to try to send spam. That's why we have a very robust spam-fighting effort at Google. We disable these accounts immediately and will continue to do so," the company said.

Bubbling on Bebo

Maxim Shipka, senior architect at MessageLabs, told InternetNews.com that spammers are now focusing on the social networking site Bebo as a vehicle for their spam because it's one of the 100 most visited Web sites. "I think it's a proof of concept, they want to find out how profitable Bebo will be for them," he explained.

Bebo ranks 92 out of the top 100 sites. In Bebo, spammers include spam in buddy invites sent to other Bebo users, according to Shipka.

Using free e-mail addresses makes it harder to detect spam, because the reputation filters that spot spam compare the IP addresses of the computers from which e-mails are received against a list of known spammers. When an e-mail comes from a legitimate free e-mail service such as MobileMe, Gmail or Yahoo (NASDAQ: YHOO) Mail, it will pass the filter easily, even if it contains spam, Shipka said.
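The blind spot Shipka describes, as an added example that is not from the article or from MessageLabs: a minimal IP reputation check run over two constructed messages with the same body, one delivered directly from a listed address and one relayed by a free e-mail provider. The blocklist, hostnames and addresses are assumptions drawn from documentation ranges.

```python
import ipaddress
import re
from email import message_from_string

# Constructed blocklist of "known spammer" networks (RFC 5737 documentation range).
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]

# The receiving MTA records the connecting host's address in square brackets.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

BODY = "Subject: You have won\n\nClick http://prize.example/ to claim.\n"

# Constructed sample: sent straight from a listed address.
DIRECT_SPAM = (
    "Received: from dsl-host.example.net (dsl-host.example.net [203.0.113.57])\n"
    "\tby mx.recipient.example; Tue, 1 Jul 2008 10:00:00 +0000\n" + BODY
)
# Constructed sample: same body, relayed by a legitimate free e-mail service.
WEBMAIL_SPAM = (
    "Received: from smtp-out.freemail.example (smtp-out.freemail.example [198.51.100.25])\n"
    "\tby mx.recipient.example; Tue, 1 Jul 2008 10:00:05 +0000\n" + BODY
)

def connecting_ip(raw_message):
    """Return the IP from the topmost Received header (written by our own MTA)."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = RECEIVED_IP.search(received[0]) if received else None
    if not match:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return None

def reputation_verdict(raw_message):
    """Judge a message only by the reputation of the host that delivered it."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return "unknown"
    return "reject" if any(ip in net for net in BLOCKLIST) else "accept"

if __name__ == "__main__":
    for name, raw in (("direct", DIRECT_SPAM), ("webmail", WEBMAIL_SPAM)):
        print(name, connecting_ip(raw), reputation_verdict(raw))
```

The filter never reads the body, so the verdict follows the relay's reputation and not the message content.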

This article was first published on InternetNews.com.