Panda Security has discovered a malware tool designed to post spam and links pointing to Web pages infected by malicious software on forums, Web sites and blogs.
Sold in different online forums for $450, XRumer can post over 1 100 comments in less than fifteen minutes, its creators claim.
Panda Security SA CE Jeremy Matthews says the programme works in the following way: first, cyber-crooks specify the message and link they want XRumer to post on the different forums, as well as the user name, e-mail address, etc, with which it must register. Usually, the spam message contains a link to pages infected with malware, even though this tool can also be used to advertise Web sites through spam.
Then, cyber-crooks search the Internet for pages, blogs or forums that allow visitors to add their comments. To do this, cyber-crooks usually use Hrefer, a tool that uses Internet search engines to find these types of pages, and which can be purchased together with XRumer for an additional $50. Next, the malicious programme registers as a user and publishes its comment.
"The success of blogs and forums has not gone unnoticed to cyber-crooks, who use them to try to infect as many people as possible," says Matthews. "These Web sites usually contain security measures such as captcha - number and letter codes used to check registration is carried out by a person - or blocking of suspicious IP addresses to avoid automatic registration via robots," he adds.
"XRumer, however, is designed to bypass such security measures. It can recognise text included in several image types, and it has a long list of computers whose IP address can be used as proxies to avoid using cyber-crooks' addresses, which could be blocked."
XRumer can publish comments on sites created by phpBB, PHP-Nuke [with some modification], yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and phorum.org.
Related stories:
Trojans still top of the pops
Trojans, adware dominate
Staff steal data
Security - the Web2.0 way
Share