Well, I had suspected long ago that there was something fishy about Orkut's sudden interest in its security. However, it was only recently that I found traces of BOT activity in my Network, and began to delve into the subject further. To begin with I received friend requests from people who were already in my friend list. Evidently, their account was being cloned. Then again, I have received a lot of Friend Requests recently from unknown people, all of them with the same message.
Take a minute to notice the short message with the request.
Besides, you get those advertising scraps all the time; it is more often than not BOT activity.
What are BOTS?
Internet bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. If you have chatted on Yahoo, you are sure to have encountered a BOT sometime. Chatting bots can chat. Needless to say these BOTS have a limited vocabulary; they have a fixed set of responses that they send other users. It is pretty easy to tell apart a BOT from a human user merely by interacting with it for 2 minutes; it is bound to make irrelevant comments at some point.
What can BOTS do?
BOTS can be used for commercial purposes, advertising.
BOTS can be for spamming.
BOTS can be used to coordinate and execute an automated attack on networked computers, such as a denial of service attack.
BOTS can be used to bring down a Website's responsiveness by sucking bandwidth by downloading entire web sites and sending automated requests.
There are other capabilities of BOTS but I'd appreciate if you look those up on wiki.
Why Orkut?
Orkut.com is a social networking website owned by the industry giant GOOGLE.This means orkut is very big and anyone can take advantage of its millions of users to sell his products and services.
But it is not as harmless as it sounds. Needless to say, your privacy can be invaded by BOTS if they have access to your profile page, your scraps and your images. I've heard of instances where hackers with malicious intentions have grabbed such information about a user and opened bank accounts/ applied for duplicate social security cards with the victims' identites and done similar stuff, cheating them of their resources and often commiting crimes pretending to be the vicim. It can get bad!
BOTS can also be use to install virus or other spyware on your system which can in turn be used to eavesdrop on you and do stuff that you wouldn't want.
How do BOTS get past CAPTCHA?
I've hinted at the answer to this question above. I found this statement on http://jetbots.com, a software company which specializes in programming BOTS and selling them:
*CAPTCHA Bypasser
We have just teamed up with a third-party CAPTCHA service and integrated their service in all of our bots (optional). You need to buy credits from a 3rd Party website, imagetotext.com and just type your user/pass in our software (if you want the software to bypass the CAPTCHAs) and everything is automatic from there - Just like you type the CAPTCHAs manually, the software will bypass the CAPTCHAs. We have added this service in our bots because we know that CAPTCHAs' sucks :-) And on request of lots of our loyal customers, just like YOU :) Thank you.
It comes as no surprise.The Great Wall of China was so designed that it could not be breached. But it was breached only because the guard was bribed.
What can you do?
BOTS will be there; there's nothing we users can do about it. Only the website developers can do anything in this regard. We can only exercise caution when we accept friend requests from people we don't know. We must not put confidential content about ourselves that can be used to clone us. We must not click on links we don't trust. What else?