BlackHat video: Xrumer, the forum spamming software

Ever wanted to see what one of the many available forum spamming programs (PMBlaster, Zunker, Xrumer, etc.) looks like and how it runs?

See Xrumer in action.

What’s interesting to see in the video above, from the WhiteHat point of view, is how the program works: the procedures, the checklists, the options. Knowing these, you can build your own anti-spam blockade.

Some of you guys will be amazed to see how captchas and/or math spam questions are, like, so … 1945.

Important: Please be aware that I do NOT endorse, NOR do I recommend the use of such spamming software, except for your own, personal and private use, to see how the program functions. As one user says in this WP article about Xrumer, you have to know the enemy and the weapons used by the enemy before you can defend against them.

17 thoughts on “BlackHat video: Xrumer, the forum spamming software”

  1. Xrumer is “old news” but still impressive in action. However, a good captcha and a cron job with a simple script that cleans the junk will keep a forum clean… most of the time.

  2. Adi, it’s actually not so easy to accomplish.

    Still, they exist and are used by thousands. That’s why Akismet and others were born.

    It’s like that military shit with Ebola and viruses. One makes the virus and takes money by selling it to Iraq and stuff, and then makes the cure by selling it to the infected.

  3. I’ve always been curious how this PIECE OF SHIT works because I had a hard time deleting all the spam generated and inserted by it. Indeed, a good (modified) captcha and a question that only a human can answer can spare you lots of headaches… Impressive nonetheless.

  4. This software, just like most other intelligent spamming software, can recognize all the default captchas from any forum or blog software.

    Not only that, but it can answer math and word questions pretty easily.

    What do you guys understand by custom captcha?

  5. Custom captcha = not the one that came in the forum package – e.g. I replaced the default phpBB captcha with this one and it works like a charm keeping the bad boys away. As for the second supposition, come on, how can a piece of software answer what’s missing from No**a (on a GSM related forum)… Did Skynet come alive and I’ve missed it? :)

  6. The problem is that you still need unique content to post, as these spammy comments won’t stick unless on unmoderated forums, which are full of spammy links anyway and have no importance because of the hundreds of links already there. It’s probably better you write your own postings, at least they will stick. Using that software you can post thousands of messages, but about 5% will stick and only on forums that are probably already spam, so it’s a waste of time!!!

  7. Now this answered my question of “where the hell am I getting this load of spam on my forum”.

    btw, I thought that there were web based spam scripts, but it’s a software. hmmm

  8. @black hat

    Actually this software can pass a lot of human inspection or moderation. If the mods are not aware of Xrumer software, and believe me, most don’t know what it is and what it does, spam posts can easily be bypassed. Xrumer has the ability to spam links like in a Question-Answer session. It registers two usernames at a time. The first account is then used to ask a question, like where can I get the best car insurance? The other spam account answers his question and inserts the link.

    With a little creativity one can bypass most of the human inspections.
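
The question-and-answer pattern described in comment 8, turned into a moderation check. This is an added example, not part of the original post or its comments; the account and post tuples, the thresholds and all names are constructed assumptions, not phpBB's schema.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+|\[url\b", re.IGNORECASE)

# Constructed sample data (hypothetical schema): username -> registration time
ACCOUNTS = {
    "maria_k": datetime(2010, 3, 1, 9, 0),
    "jdoe77": datetime(2010, 3, 1, 9, 2),
    "newbie": datetime(2010, 3, 1, 14, 0),
    "oldtimer": datetime(2008, 6, 12, 18, 30),
}
# Constructed posts: (thread_id, author, posted_at, body)
POSTS = [
    (1, "maria_k", datetime(2010, 3, 1, 9, 5), "Where can I get the best car insurance?"),
    (1, "jdoe77", datetime(2010, 3, 1, 9, 9), "Try http://insurance.example/ it is great"),
    (2, "newbie", datetime(2010, 3, 1, 14, 5), "How do I unlock my phone?"),
    (2, "oldtimer", datetime(2010, 3, 1, 15, 0), "Guide: http://forum.example/unlock"),
    (3, "oldtimer", datetime(2010, 3, 2, 8, 0), "Anyone tried the new firmware?"),
]

def find_qa_pairs(accounts, posts, reg_window=timedelta(minutes=10), max_posts=2):
    """Return (thread_id, asker, answerer) for threads matching the pattern."""
    counts, threads = {}, {}
    for tid, author, _when, body in sorted(posts, key=lambda p: p[2]):
        counts[author] = counts.get(author, 0) + 1
        threads.setdefault(tid, []).append((author, body))
    flagged = []
    for tid, entries in sorted(threads.items()):
        asker = entries[0][0]  # thread opener
        for answerer, body in entries[1:]:
            if answerer == asker or not URL_RE.search(body):
                continue
            if asker not in accounts or answerer not in accounts:
                continue
            # Both accounts are nearly unused and were registered together.
            fresh = counts[asker] <= max_posts and counts[answerer] <= max_posts
            paired = abs(accounts[asker] - accounts[answerer]) <= reg_window
            if fresh and paired:
                flagged.append((tid, asker, answerer))
                break
    return flagged

if __name__ == "__main__":
    for hit in find_qa_pairs(ACCOUNTS, POSTS):
        print("hold for moderator review:", hit)
```

Two genuine new members can also match this heuristic, so a hit is better routed to a moderation queue than deleted automatically.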

