I get a small amount of spam on my MySpace account - one or two a month as friend requests, messages or blog comments. Some people I see on MySpace have comment sections that are near 100% spam.
It doesn’t seem like there’s really any tool for mass-commenting or even mass-emailing people not on your Friends list (I can’t even figure out how to add my own friends to an address book).
So are people paid to physically log in, go to profiles and send comment/message spam? Or has someone come up with a way to do mass-messaging that circumvents the need to log in and go to profiles?
Please note that I don’t want people to describe in detail how to spam someone on MySpace! I just am curious as to the general methods used.
I’m certain there’s a program intended to spam MySpace. All it has to do is read the HTML on user pages for common links and be aware of the standardized layout for things like posting comments, inviting people and friend lists. I’d go as far as to bet that this same program is capable of spamming a plethora of message boards, social networking sites and other places where people gather and are likely to read posts or comments by others.
When it comes to scams and profits from shady or outright illegal ventures, there is no limit to what will be done that can be done – and this can be done quite simply.
ETA: I don’t have any first-hand knowledge, in case my post seems to imply that. But I know enough about programming to know how easy it is to pull something like that off, and with the motivation of a potentially profitable scam or venture, you can bet it has been pulled off.
I’ll agree with Mindfield, as a fellow programmer. It’s surprisingly easy to knock up a program to click through websites, fill in information in forms and so on, and do it automatically. I’ve written a few myself using Visual Basic 6, though that wasn’t with malicious intent, and the programs were only for personal use - downloading statements from my online bank account, downloading webmail messages, that sort of thing.
One such program is itself programmable using a bespoke scripting language, and it could certainly be used to spread spam through websites with very little effort. Again, it’s never been publicly distributed or used maliciously, but if I can do it, hell, any programmer with the time and knowledge and lack of moral guilt could too.
I strongly suspect that tools like this are routinely used to spread spam through the web. That’s why you have to retype those weirdly-shaped graphic characters when signing up for new accounts on so many systems - that’s almost unbeatable, as far as I know. Thank goodness.
I’ve noticed more and more forums that has those graphical signup requirements also get increasing amounts of spam - maybe the same economics that lets thousands of Chinese to play WoW 12 hours a day with large profits also alows Chinese people to sit around signing up for forums, then turning the accounts over to a Spamming tool? Or maybe they even sit there randomly copying and pasting messages from a list of spam messages? If you pay somebody a buck or two an hour you’d get quite a lot of spam messages on forum boards in return.
Many captchas have been cracked. Captcha crackers supposedly work by converting an image to grayscale; remiving noise, deinterlacing, and despeckling adjusting brightness and contrast; and then OCR. Others take advantage of flaws in a captcha such as a consistent typeface or style of distortion.
The captcha for vBulletin 3.0.* was cracked a long time ago. Most of the newest breed of captcha-cracking message board spambots were created by Russians.
Here’s a vBulletin 3.0 captcha.
http://img518.imageshack.us/img518/1980/30ps8.png
This is a vBulletin 3.6 captcha. Admis can add their own fonts, and there’s many different options for slant, random text size, and so on.
http://img518.imageshack.us/img518/3536/imageqa8.jpg
Most manual forum spam comes from India. In my experience, these IP blocks are the worst; blocking them eliminated about 85% to 90% of it.
59.92.: National Internet Backbone, Calcutta
59.93.: National Interent Backbone, Calcuttauser
59.176.: Mahanagar Telephone Nigam, Delhi
61.2.: National Internet Backbone, Delhi
61.16.: Primus India
122.162.: Airtel Broadband
122.167.: Airtel Broadband
122.168.: Airtel Broadband
125.99.: Hathaway Cable, Mumbai
203.123.: Spectranet, New Delhi
Do those Indian spams extend to E-Mail spam? I’ve noticed my spam proxy doesn’t include India in its list of blacklists, so I added those IP ranges just in case. 
There’s a lot of email spam from India, but not necessarily from just this cluster of IPs; blocking them might not make much of a dent. Forum/blog spam and email spam are entirely different creatures.
I used to get a lot of MySpace spam, mostly “women” wanting me to see their webcam. IIRC MySpace lets you restrict non-friend messages unless the person can provide your first name (in other words, they need to somewhat know you.) Nonetheless, I still get a spam every week or two, maybe the spammers run software that brute force guesses my mostly common first name?