As we commented in Spam in PHP forums and in Spam in PHP forums (II), it has become more and more usual to see websites (forums, blogs, wikis, guestbooks, etc…) that contain advertising comments or links that direct to sites that infect with malware.

We are going to talk about a program that allows this type of comments to be created: the XRumer.

It is sold for $450, and for $50 more you can have the Hrefer, which includes more functions.

This application, with regard to the web section, is more powerful than Zunker, as this is only able to post in phpBB and VBulleting.

Xrumer allows to post in phpBB and PHP-Nuke (with any modification), yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, and

 Basically, it follows the process below:

            It looks for websites where comments can be inserted.

            It registers itself as a user.

            It posts the message.

This type of websites usually include human verification codes, in order to make automatic registration more difficult for this kind of robots or they use filters in order to block IP addresses that carry out suspicious operations.

That’s why, this program is able to recognize the texts in the following type of images:

It also allows to connect to a list of proxies in order to use different IP addresses.

Here you have a video where the working of the program is shown.

According to the comments of its creators, it is able to post 1100 links in only 15 minutes.