Just when you thought you had that spam under control: There's a new, inexpensive software package out that helps spammers send out their messages -- and frequently, malware -- at record speeds.
Security researchers at Panda Labs yesterday reported that they have spotted the sale of a new tool called XRumer that promises to help spammers get their messages out to larger numbers of users in less time than ever before.
XRumer, which retails for $450, automates the process of registering, logging onto and posting messages on online forums and Websites that accept comments. The software could help a spammer post a message to myriad online communities, including blogs, wikis, or guestbooks. It is capable of responding to many types of "captcha" images that are designed to prevent automated postings, according to Botmaster, which sells the program.
XRumer works with another Botmaster application, Hrefer, a $50 tool that seeks out forums and other Web pages where public comments are accepted. Hrefer finds the pages that can accept the spam messages, and XRumer handles the registration and posting of those messages, Botmaster says. Working together, the tools also give spammers a list of proxies that they can use to hide their originating IP addresses.
Although Panda Labs is reporting XRumer as a security threat, Botmaster's Website contends that the software breaks no laws.
"In no way does XRumer act like a spam-bot," Botmaster says. "Spam is defined in legislation as unsolicited email, whereas XRumer simply posts messages created by users, which cannot be illegal, providing the user does not [post] anything prohibited by the law." Most anti-spam laws only apply to messages sent to users' email boxes, not to public forums where users read and submit messages voluntarily, Botmaster maintains.
Forum moderators and Webmasters can usually remove spam messages, but XRumer is set up to avoid automated systems that filter "offtopic" messages, Botmaster says.
Panda Labs warns enterprises that online comment pages and forums are becoming increasingly popular targets. "It has become more and more usual to see Websites -- forums, blogs, wikis, guestbooks, etc. -- that contain advertising comments or links that direct users to sites that infect their systems with malware," the security vendor says.
Tim Wilson, Site Editor, Dark Reading