Websense Security Labs is reporting that spammers have found away around Windows Live Mail's CAPTCHA system and are using bots to create thousands of accounts to spam with. Since the Microsoft domain is more or less blacklist proof, it's very attractive to spammers. From the Websense blog:

First, the bot is observed to request the Live Mail registration page and it begins filling in the necessary form fields (as any ordinary user would be required to) with random data. When it comes to the CAPTCHA verification test, the bot sends the CAPTCHA image to its CAPTCHA breaking service for the text in the image

Websense believes that these accounts could be used by the spammers at any time for a variety of social-engineering attacks in future. A wide range of attacks would be possible using the same account credentials in other significant and extended Live services offered by Microsoft Corporation, such as Live Messenger (instant messaging), Live Spaces (online storage), etc.

Check out their blog for screenshots of the spam and the process the spammers are using to get around the CAPTCHA system. This is looking to be a huge problem for Microsoft!