Those of you who read here regularly know that a good mystery or puzzle is a popular subject. Barely Sociable, a YouTuber who covers this kind of topic a lot, featured a recent video dealing with such a subject: The Fake Diploma Forum Spammer – Internet Oddities.
Of course, spam, in and of itself, isn’t a mystery (just check your inbox), but the strange thing about this particular spammer is how widespread and prolific the spam posts are, in spite of the fact that there are anti-spam protocols on most websites these days. Even so, this doesn’t mean that the anti-spam programs (like CAPTCHAs) are able to stop everything.
In any case, this particular spammer (who sometimes uses the name “Andy”) frequently advertises illegal diplomas, particularly to people who live in China, in which diplomas are a desirable commodity, especially to people who may be unable to afford the cost of going to a university. While it’s better to approach something like this with a degree of skepticism, someone who’s desperate might not.
Interestingly, it’s easy to find thousands of instances where Andy had posted on different sites by searching for “501058216” on different search engines, like DuckDuckGo, Google, and StartPage. This number references a WeChat ID used by Andy.
Also, Andy uses many variations on the name “dyellogfhf,” usually followed by a string of numbers. This Pastebin post lists quite a few of the different email addresses used by this same person: The Forum Spammer Txt Document. As Barely Sociable mentions in his video, it’s possible that one of the programs that Andy may be using is called XRumer, made by BotmasterLabs. The program advertises itself with the following description:
This software will help to increase traffic to website to hundreds, thousands [of] times. Program have [sic] a rich seven year history, which use [sic] experience of professionals in search engine optimization. Appreciate and use a truly unique and powerful XRumer program, can [sic] both professionals and beginners.
The use of a program like this might explain how the spammer is able to circumvent CAPTCHAs and other anti-spam methods. The version in question is proprietary and quite expensive, but there may be some open source or free versions floating around as well. (EDIT: there appears to be a newer version of XRumer called XEvil that has both free and premium versions, if people want to try it out.)
It’s also interesting to note that “Andy” may be involved in other illegal businesses as well (which is not that surprising, given the spam/fraud stuff). According to the video, the same person seems to be connected to a Korean escort service/massage parlor business, but under different usernames, one of these being “AN5858.”
If you actually visit an5858.com, you’ll see a site like this:
Initially, when visiting this site, the buttons were clickable, and led to a forum of sorts; that doesn’t seem to be the case now. It may be that Barely Sociable’s video was starting to draw unwanted attention to the site, and the owner disabled those functions.
All in all, the fact that “Andy” is a spammer and posts on as many websites as possible isn’t that strange, but the fact that he’s been able to get past many sites’ security protocols and is involved in multiple sketchy businesses is intriguing to me.
Has anyone else encountered this bot before on a site? Do you have any other interesting links to share related to it? Let me know in the comments, as usual.