There’s an interesting link on MSNBC about malware that’s trying to solve CAPTCHAs. Basically it uses the ruse of a sexy girl who tempts you with nudity if you type in some letters/numbers. The letters/numbers are, of course, the CAPTCHAs for social networking sites, webmail or whatever. Very clever, but also very stupid at the same time.
One thing we’ve seen is actually pretty clever. Malware has the ability to do a lot, including re-writing webpages on the fly. The goal isn’t always just to re-write some banners (yes, sometimes that is the goal); sometimes it’s to steal information. And sometimes it makes sense from an attacker’s perspective to ask for an additional piece of information (like a social security number) on a form. What I haven’t seen is adding an additional CAPTCHA to a page, which would be totally invisible to the average user (unlike a stripper on your desktop, which is sort of the opposite of subtle).