The life of a spambot - xRumer

Question

>shadow< 11 Posting Pro

15 Years Ago

well, I received my tenth spam post in a single day
The software xRumer, Puts it all there, its a fast spambot
I downloaded the software and it came back with

Result: captcha recognized;activation code was sent: "requires validation";

So, there we go, an old fashion trick at making sure the member validates email address
The software can recognize 700 captchas! - So was this safe enough? no, I still have spammers :D

Its ridiculous that this software is available for download however it is the user that chooses to spam with it (same way that the user decides to pay $450 for it)

So my next experiment was Daniweb, I wasnt trying to destroy anything, Just see if it would let me register

Result: captcha recognized (multiply attempts);registered;

At this point, It asked me if I would like to post?, Which it then gave the option for me to post 3000 new threads of spam

So, this is proxy spamming at a high height
I do not intend to use this software but it did make me aware of how easy it is to spam

Now, onto the folder "ProjectFill" that is included
It gives literally sixteen thousand female names
43 thousand city names
500 occupations
32 interests
as well as
nicknames, passwords, fake ICQ, Fake email's
So then the software scrambles these around and begins to spam with different IP's, names,passwords and so on

Now, This part is scary, you know those captchas that we think aren't fool able?
example - what is 2+2 or type a word: here

Well, here is a snippet of code that it has in its walls

#><span class="gensmall">Quanto;fa;?<
davec_result
#>What is the name of the applet (hint: pjirc)?<
answer=pjirc
#>What is the number of minutes in one hour?<
answer=60
#>Anti-Spam: What is ;the;?
answer

The software also Mass PM'S

This type of thing can destroy the internet as we know it
When you program the software to crawl, it comes back with every single forum on the web, meaning if you were to leave it spamming for 7 days, you could almost have half of every forum or blog spammed by you

I literally gained 67 megabites of text document using this, and we all know how light txt documents can be

I did not write this to advertise, I wrote this to let everyone know, what type of spambots we might be dealing with

social-media

2 Contributors
3 Replies
144 Views
1 Day Discussion Span
Latest Post 15 Years Ago Latest Post by osjak

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

osjak 0 Newbie Poster · Answer 1 · 2008-04-24T15:21:56+00:00

I tested it on several on my forums. It gave me "registered" status on all of them, but in fact did not register a single time. Looks like we all can sleep tight, Internet will be safe ;)

>shadow< 11 Posting Pro · Answer 2 · 2008-04-24T15:26:07+00:00

now go to your members lists and check the validated,
If you used the demo the member should be xRumer (with numbers at end)

osjak 0 Newbie Poster · Answer 3 · 2008-04-24T15:36:03+00:00

Yep, checked on those waiting for validation - no brand new users waiting for validation. BTW, I checked on vBulletin and SMF forums, all require email validation.