Those of you who read here regularly know that I love a good mystery and/or puzzle. I recently subscribed to a YouTube channel called Barely Sociable, who covers this kind of topic a lot, and one video in particular stood out: The Fake Diploma Forum Spammer – Internet Oddities.
Of course, spam, in and of itself, isn’t a mystery (just check your inbox), but the strange thing about this particular spammer is how widespread and prolific the spam posts are, in spite of the fact that there are anti-spam protocols on most websites these days. Even so, this doesn’t mean that the anti-spam programs (like CAPTCHAs) are able to stop everything.
A while back, I had written a post entitled Who Would Hack writerscafe.org?, and I believe that it may have been the same spammer (or one involved in similar scams) that Barely Sociable is referring to in his video. While the site that they were advertising on WritersCafe was different than the one mentioned in the video, the spam messages used a very similar format. It may be that back when I wrote the post, the same person or people used a different site, which was unsuccessful, so they started up new businesses.
In any case, this particular spammer (who sometimes uses the name “Andy”) frequently advertises illegal diplomas, particularly to people who live in China, in which diplomas are a desirable commodity, especially to people who may be unable to afford the cost of going to a university. While I would approach something like this with a degree of skepticism, someone who’s desperate might not.
Interestingly, I managed to find thousands of instances where Andy had posted on different sites by searching for “501058216” on different search engines, like DuckDuckGo, Google, and StartPage. This number references a WeChat ID used by Andy.
Also, Andy uses many variations on the name “dyellogfhf,” usually followed by a string of numbers. This Pastebin post lists quite a few of the different email addresses used by this same person: The Forum Spammer Txt Document. As Barely Sociable mentions in his video, it’s possible that one of the programs that Andy may be using is called XRumer, made by BotmasterLabs. The program advertises itself with the following description:
This software will help to increase traffic to website to hundreds, thousands times. Program have a rich seven year history, which use experience of professionals in search engine optimization. Appreciate and use a truly unique and powerful XRumer program, can both professionals and beginners.
The use of a program like this might explain how the spammer is able to circumvent CAPTCHAs and other anti-spam methods. The version in question is proprietary and quite expensive, but there may be some open source versions floating around as well.
It’s also interesting to note that “Andy” may be involved in other illegal businesses as well (which is not that surprising, given the spam/fraud stuff). According to the video, the same person seems to be connected to a Korean escort service/massage parlor business, but under different usernames, one of these being “AN5858.”
If you actually visit an5858.com, you’ll see a site like this:
Initially, when I had visited this site, the buttons were clickable, and led to a forum of sorts; that doesn’t seem to be the case now. It may be that Barely Sociable’s video was starting to draw unwanted attention to the site, and the owner disabled those functions.
All in all, the fact that “Andy” is a spammer and posts on as many websites as possible isn’t that strange, but the fact that he’s been able to get past many sites’ security protocols and is involved in multiple sketchy businesses is intriguing to me.
Has anyone else encountered this bot before on a site? Do you have any other interesting links to share related to it? Let me know in the comments, as usual.