XRumer

Last updated

XRumer
Stable release
19.0.11 / 6 April 2022
Preview release
5.0 / 1 October 2010
Operating system Microsoft Windows
Available inEnglish, Russian, Czech, German, Polish
Type Automated forum/blog/guestbook posting tool
License Proprietary
Website http://www.botmasterlabs.net/xrumer/

XRumer is a piece of software made for spamming [1] online forums and comment sections. It is marketed as a program for search engine optimization and was created by BotmasterLabs. It is able to register and post to forums (forum spam) with the aim of boosting search engine rankings. The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises SOCKS and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP, and features a proxy checking tool to verify the integrity and anonymity of the proxies used.

Contents

Xrumer paved the way for a slew of link spamming software, such as GSA Search Engine Ranker, Money Robot, Seo Autopilot, and Seo Neo. The latest version of the software (Xrumer 23 StrongAI in June 2024) utilizes AI technology to create spam content, solve graphical CAPTCHAs, answer questions, and other automated tasks.

In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product. The side effect of these innocent-looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google ranking without falling afoul of forum posting policies. The software is also capable of avoiding detection by making posts in off-topic, spam and overflow sections of forums, thus attempting to keep its activities in high activity low content areas of the targeted forum. However, there are other platforms used to spam to, which includes website comment spam.

Method of operation

XRumer is capable of posting to blogs and guestbooks in addition to its main role as an automated forum posting tool. It can also create forum profiles complete with signature in an attempt to avoid alerting forum administrators with any off-topic forum posts. The software is also able to gather and decipher artificial intelligence such as security questions (i.e. what is 2+2?) often used by forums upon registration. Since the latest version[ which? ] of XRumer, the software is capable of collecting such security questions from multiple sources and is much more effective in defeating them.

Helper program Hrefer is also included. This software is used to automatically parse results from search engines including Google, Yahoo, Bing and Yandex for forums and blogs that can then be used as a target list for the main XRumer application.[ citation needed ]

According to The Register , as of October 2008, XRumer can defeat captchas of Hotmail and Gmail. This enables the software to create accounts with these free email services, which are used to register in forums that it posts to. [2] XRumer also posts slowly initially, in an attempt to avoid detection by posting unnaturally fast. Between 2009 and 2011 XRumer no longer recognized Hotmail and Gmail captchas due to a change in captcha format. Users of XRumer could only defeat such captchas utilizing external human captcha services.

Defenses

Webmasters of topical forums face an ongoing battle against XRumer software, users of which are almost always in violation of forum terms of service, and/or have no interest in the actual forum topic. The users of the software have created an entire industry whose sole purpose is to protect internet sites against users of XRumer. Forum administration tasks against XRumer are often a constant, daily effort, which include identifying new user accounts that are from XRumer users, deleting posts/threads created by the software, and deleting/disabling the user accounts.

The easiest method to defeat Xrumer is to simply require the first post of any new forum member or blog poster to be approved before it can appear. There are several resources that help block forum spam, which reference reports of forum spam by username and IP address. If a user/IP has appeared in the site's lists, it is highly likely that it is a black-hat user of XRumer. Common defensive actions by webmasters are to institute IP-based posting bans on subnetworks used by the spammers.

The spam messages in a forum typically take the form of "link spam" which will often be included in older topics and private messages (PMs) leaving the newer threads and posted messages "clear" of apparent spam. Sophisticated spammers will copy posts from other areas of the site, giving the appearance of a valid, on-topic reply. The best clue that it is a spammer is that the links in the user profile are completely unrelated to the forum topic, and the posted messages, while seemingly within the general topic of the forum, will be non-sequiturs and out-of-place within the topic thread. Alternatively, the spammers post generic "I am excited to begin posting and contributing here." messages that are content-neutral.

The damage caused to forums is classified in several areas: first and foremost, the admin time to clean the forum; second, the server bandwidth to accommodate the spam postings; third, the storage requirements at the forum server for the spam messages that are devoid of content; fourth, the community alienation and irritation around seeing spam; fifth, the offense to innocent forum members if their posts are mistaken as spam or their accounts suspended in error for suspected spamming; and sixth, the lowering of the information-to-noise ratio of the forum, which diminishes the value of the forum, skewing usage/active user statistics used to determine advertising rates.

E-mail account creation

As per the latest update to XRumer 7 the software is able to automatically register e-mail accounts on mail.ru (Russian IP addresses only) and Gmail. Support for creating e-mail accounts in an automated fashion on Hotmail and AOL has been completely removed. The technique employed by XRumer to bypass the CAPTCHA protection in Gmail and mail.ru is averaging. A captcha is a challenge-response test frequently used by internet services in order to verify that the user is actually a human rather than a computer program. Commonly, captchas are dynamically created images of random numbers and/or letters. These images are distorted in some way so that the human eye can still recognize them, but with the goal to make automatic recognition impossible. Captchas are used by free-mail services to prevent automatic creation of a huge number of email accounts and to protect automatic form submissions on blogs, forums and article directories. As of November 2012, Xrumer has once again cracked Recaptcha, and is able to successfully post to Forums/Blogs that use it.

Averaging is a common method in physics to reduce noise in input data. The averaging attack can be used on image-based captchas if the following conditions are met:

The predominant distortion in the captcha is of noise-like nature. It is possible to extract a series of different images with the same information encoded in them. Averaging of a series of images can be used to improve image quality (reduce distortion, or improve signal-to-noise ratio, so to say) of captchas and hence to make them more easily recognizable by OCR (optical character recognition) systems.

The fact that noise and payload behave differently on "reload" is exploited. This allows the program to separate them and hence defeat the captcha without the need for a sophisticated algorithm.

Related Research Articles

<span class="mw-page-title-main">Spamming</span> Unsolicited electronic messages, especially advertisements

Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, non-commercial proselytizing, or any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.

A CAPTCHA is a type of challenge–response test used in computing to determine whether the user is human in order to deter bot attacks and spam.

<span class="mw-page-title-main">Internet forum</span> Online discussion site

An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are often longer than one line of text, and are at least temporarily archived. Also, depending on the access level of a user or the forum set-up, a posted message might need to be approved by a moderator before it becomes publicly visible.

Various anti-spam techniques are used to prevent email spam.

Address munging is the practice of disguising an e-mail address to prevent it from being automatically collected by unsolicited bulk e-mail providers. Address munging is intended to disguise an e-mail address in a way that prevents computer software from seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "no-one@example.com", becomes "no-one at example dot com", for instance.

<span class="mw-page-title-main">Gmail</span> Email service provided by Google

Gmail is the email service provided by Google. As of 2019, it had 1.5 billion active users worldwide, making it the largest email service in the world. It also provides a webmail interface, accessible through a web browser, and is also accessible through the official mobile application. Google also supports the use of third-party email clients via the POP and IMAP protocols.

This article outlines the general features commonly found in various Internet forum software packages. It highlights major features that the manager of a forum might want and should expect to be commonly available in different forum software. These comparisons do not include remotely hosted services which use their own proprietary software, rather than offering a package for download which webmasters can host by themselves.

A spambot is a computer program designed to assist in the sending of spam. Spambots usually create accounts and send spam messages with them. Web hosts and website operators have responded by banning spammers, leading to an ongoing struggle between them and spammers in which spammers find new ways to evade the bans and anti-spam programs, and hosts counteract these methods.

Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.

SORBS was a list of e-mail servers suspected of sending or relaying spam. It had been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

<span class="mw-page-title-main">Blue Frog</span>

Blue Frog was a freely-licensed anti-spam tool produced by Blue Security Inc. and operated as part of a community-based system which tried to persuade spammers to remove community members' addresses from their mailing lists by automating the complaint process for each user as spam is received. Blue Security maintained these addresses in a hashed form in a Do Not Intrude Registry, and spammers could use free tools to clean their lists. The tool was discontinued in 2006.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

<span class="mw-page-title-main">History of Gmail</span>

The public history of Gmail dates back to 2004. Gmail, a free, advertising-supported webmail service with support for Email clients, is a product from Google. Over its history, the Gmail interface has become integrated with many other products and services from the company, with basic integration as part of Google Account and specific integration points with services such as Google+, Google Calendar, Google Drive, Google Hangouts, Google Meet, YouTube, and Google Buzz. It has also been made available as part of G Suite. The Official Gmail Blog tracks the public history of Gmail from July 2007.

A challenge–response system is a type of that automatically sends a reply with a challenge to the (alleged) sender of an incoming e-mail. It was originally designed in 1997 by Stan Weatherby, and was called Email Verification. In this reply, the purported sender is asked to perform some action to assure delivery of the original message, which would otherwise not be delivered. The action to perform typically takes relatively little effort to do once, but great effort to perform in large numbers. This effectively filters out spammers. Challenge–response systems only need to send challenges to unknown senders. Senders that have previously performed the challenging action, or who have previously been sent e-mail(s) to, would be automatically receive a challenge.

<span class="mw-page-title-main">Outlook.com</span> Microsoft webmail service

Outlook.com, formerly Hotmail, is a free personal email service offered by Microsoft. This includes a webmail interface featuring mail, calendaring, contacts, and tasks services. Outlook can also be accessed via email clients using the IMAP or POP protocols.

<span class="mw-page-title-main">Gmail interface</span>

The Gmail interface makes Gmail unique amongst webmail systems for several reasons. Most evident to users are its search-oriented features and means of managing e-mail in a "conversation view" that is similar to an Internet forum.

Forum spam consists of posts on Internet forums that contains related or unrelated advertisements, links to malicious websites, trolling and abusive or otherwise unwanted information. Forum spam is usually posted onto message boards by automated spambots or manually with unscrupulous intentions with intent to get the spam in front of readers who would not otherwise have anything to do with it intentionally.

Email spammers have developed a variety of ways to deliver email spam throughout the years, such as mass-creating accounts on services such as Hotmail or using another person's network to send email spam. Many techniques to block, filter, or otherwise remove email spam from inboxes have been developed by internet users, system administrators and internet service providers. Due to this, email spammers have developed their own techniques to send email spam, which are listed below.

EmailTray is a lightweight email client for the Microsoft Windows operating system. EmailTray was developed by Internet Promotion Agency S.A., a software development d.

A mailbox provider, mail service provider or, somewhat improperly, email service provider is a provider of email hosting. It implements email servers to send, receive, accept, and store email for other organizations or end users, on their behalf.

References

  1. "Xrumer: The Spammer's Toolkit". Symantec. Retrieved 23 March 2018.
  2. John Leyden (3 October 2008). "Spam swine break next-gen CAPTCHAs: Hotmail, Gmail and kitchen-based checks all neutered". The Register . Retrieved 17 October 2008.