Internet Mysteries: Who is an5858?

Those of you who read here regularly know that a good mystery or puzzle is a popular subject. Barely Sociable, a YouTuber who covers this kind of topic a lot, featured a recent video dealing with such a subject: The Fake Diploma Forum Spammer – Internet Oddities.

Of course, spam, in and of itself, isn’t a mystery (just check your inbox), but the strange thing about this particular spammer is how widespread and prolific the spam posts are, even though most websites have anti-spam measures in place these days. Those measures (like CAPTCHAs) clearly aren’t able to stop everything.

A while back, there was a post here entitled Who Would Hack, and it appears as though it may have been the same spammer that Barely Sociable is referring to in his video. While the site that they were advertising on WritersCafe was different than the one mentioned in the video, the spam messages used a very similar format. It may be that back when I wrote the post, the same person or people used a different site, which was unsuccessful, so they started up new businesses.

In any case, this particular spammer (who sometimes uses the name “Andy”) frequently advertises illegal diplomas, particularly to people who live in China, where diplomas are a desirable commodity, especially to people who may be unable to afford the cost of going to a university. While it’s better to approach something like this with a degree of skepticism, someone who’s desperate might not.

Interestingly, it’s easy to find thousands of instances where Andy has posted on different sites by searching for “501058216” on different search engines, like DuckDuckGo, Google, and StartPage. This number references a WeChat ID used by Andy.

Also, Andy uses many variations on the name “dyellogfhf,” usually followed by a string of numbers. This Pastebin post lists quite a few of the different email addresses used by this same person: The Forum Spammer Txt Document. As Barely Sociable mentions in his video, it’s possible that one of the programs that Andy may be using is called XRumer, made by BotmasterLabs. The program advertises itself with the following description:

This software will help to increase traffic to website to hundreds, thousands [of] times. Program have [sic] a rich seven year history, which use [sic] experience of professionals in search engine optimization. Appreciate and use a truly unique and powerful XRumer program, can [sic] both professionals and beginners.

The use of a program like this might explain how the spammer is able to circumvent CAPTCHAs and other anti-spam methods. The version in question is proprietary and quite expensive, but there may be some open source or free versions floating around as well. (EDIT: there appears to be a newer version of XRumer called XEvil that has both free and premium versions, if people want to try it out.)

XEvil’s homepage
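The two indicators mentioned above (the WeChat ID and the “dyellogfhf” username stem) can be turned into a pre-moderation check that sends matching posts to a review queue. This is an added example, not code from the original post or from any tool it mentions; the separator handling, the function names and the sample posts are assumptions constructed for illustration.

```python
import re
import unicodedata

# Indicators taken from the article: the WeChat ID and the username stem.
WECHAT_ID = "501058216"
USERNAME_RE = re.compile(r"dyellogfhf", re.IGNORECASE)

# Assumption: characters a poster might insert between digits to dodge exact matching.
_SEPARATORS = re.compile(r"[\s.\-_*]+")
_DIGIT_RUN = re.compile(r"\d(?:[\s.\-_*]*\d)+")


def normalize(text: str) -> str:
    """Fold full-width and other compatibility characters to plain forms."""
    return unicodedata.normalize("NFKC", text)


def find_indicators(author: str, body: str) -> list[str]:
    """Return which of the article's indicators appear in a post."""
    hits = []
    text = normalize(author + " " + body)
    if USERNAME_RE.search(text):
        hits.append("username")
    # Rejoin digit runs split by separators, then look for the ID inside them.
    # A substring match can also hit longer unrelated numbers, so matches
    # should go to human review rather than automatic deletion.
    for run in _DIGIT_RUN.finditer(normalize(body)):
        if WECHAT_ID in _SEPARATORS.sub("", run.group()):
            hits.append("wechat_id")
            break
    return hits


def triage(posts):
    """Return (author, hits) for every post that needs moderator review."""
    return [(a, h) for a, b in posts if (h := find_indicators(a, b))]


# Constructed sample posts (not real forum data).
SAMPLE_POSTS = [
    ("dyellogfhf4821", "Diplomas for sale, WeChat 501058216"),
    ("reader42", "WeChat: ５０１０ ５８２１６"),        # full-width digits, split
    ("bob", "write to dyellogfhf77@example.com"),    # stem inside an address
    ("alice", "Order 5010 shipped in 58 days"),      # benign digits
]

if __name__ == "__main__":
    for author, hits in triage(SAMPLE_POSTS):
        print(author, hits)
```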

It’s also interesting to note that “Andy” may be involved in other illegal businesses as well (which is not that surprising, given the spam/fraud stuff). According to the video, the same person seems to be connected to a Korean escort service/massage parlor business, but under different usernames, one of these being “AN5858.”

If you actually visit, you’ll see a site like this:

Initially, when visiting this site, the buttons were clickable, and led to a forum of sorts; that doesn’t seem to be the case now. It may be that Barely Sociable’s video was starting to draw unwanted attention to the site, and the owner disabled those functions.

All in all, the fact that “Andy” is a spammer and posts on as many websites as possible isn’t that strange, but the fact that he’s been able to get past many sites’ security protocols and is involved in multiple sketchy businesses is intriguing to me.

Has anyone else encountered this bot before on a site? Do you have any other interesting links to share related to it? Let me know in the comments, as usual.

2 thoughts on “Internet Mysteries: Who is an5858?”

  1. In reference to spam filters not being able to stop this person, I think if you have any cyber-security application that’s controlled by a machine learning algorithm, you’re operating on fuzzy logic, so the AI is going to make mistakes from time to time, because you can’t gain human-like intelligence without introducing a level of human error. I think as spam filters and other cyber-security programs rely increasingly on AI, we’re going to see a shift in the focus of spammers, crackers, etc. from traditional methods of exploiting known vulnerabilities to finding ways to fool the AI into thinking a session, program, message, etc. is non-malicious. This is a pen-testing project I’ve had in the works for the last couple weeks – the problem of how to bypass a security system that’s actually intelligent, and I’m eager to try out some of the concepts I’ve come up with on my own HackMe server (in the safety of my own pen-testing lab of course) using an ML framework like TensorFlow or Jupyter. It’s going to be pretty interesting to see the direction that hacking as a field of research goes in as AI takes over the security scene.
