XRumer
Stable release | 5.04 palladium
|
---|---|
Operating system | Microsoft Windows |
Available in | English, Russian, Czech, German |
Type | Automated forum/blog/guestboog posting Tool |
License | Proprietary |
Website | www |
XRumer is a Windows program that posts forum spam with the aim of boosting search engine rankings. It has been claimed that the program is able to bypass techniques commonly used by many websites to deter automated spam, such as account registration, CAPTCHAs, and e-mail activation before posting. The program makes heavy use of a database of known open proxies in an attempt to make it more difficult for administrators to block posts.
In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. Akismet for WordPress is showing the first post as SPAM. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google stats without falling afoul of forum posting policies.
According to The Register, the latest version of XRumer can defeat CAPTCHAs of Hotmail and GMail. This enables the software to create accounts with these free email services, which are used to register in forums that it posts to.[1] [2]
Most spam attacks on forums generally occur in waves, and the software will not spam at full speed initially. Thus, a good strategy for limiting the damage of such attacks is to target new members who have random series' of alphanumeric characters for their usernames. The multiple instances of a spam bot will have obvious similarities in their email addresses (and will usually be random themselves), allowing members that match the profile of other spam bots to be banned before they even post. As mentioned - proxies are used, making IP bans ineffective, however it is possible to block the posting of threads containing certain text, or links to a certain site. Once a product or site has been spammed, it can be blocked, preventing the software from successfully uploading its payload.
References
- ^ John Leyden (3 October 2008). "Spam swine break next-gen CAPTCHAs: Hotmail, Gmail and kitchen-based checks all neutered". The Register. Retrieved 2008-10-17.
- ^ Sumeet Prasad (4 October 2008). "Microsoft Live Hotmail Under Attack by Streamlined Anti-CAPTCHA and Mass-mailing Operations". WebSense. Retrieved 2008-10-17.
- Brian Kerbs (8 January 2007). "Scary Blogspam Automation Tools". Washington Post. Retrieved 2007-01-13.
{{cite news}}
: Check date values in:|date=
(help) - Conrad Askland. "Xrumer Link Scam - Black Hat SEO". Retrieved 2007-01-13.
- "Malware targets bloggers". ITweb. 3 August 2007. Retrieved 2007-08-30.
{{cite news}}
: Check date values in:|date=
(help) - Blogger. "Blog about XRumer".
Side note: Project Honeypot does protect from XRumer. It is especially useful with CMSs.