I've been emailing with the author of the article about this, as I wanted to check the proof that drive-by spamming is being used to hit wireless LANs. Long story short, there is no evidence that wireless lans have been used in a drive by spamming method, and the source was misquoted. If anyone does have any real evidence, and not FUD, please email me offlist.
From: http://www.oblomovka.com/ 2002-09-06 Drive-by spamming: still a theoretical danger Quote from Adrian Wright, the expert "quoted" in a ZD Net story which claimed spammers were using open WiFi points to send "millions" of unsoliticed e-mails : It seems I've been everso slightly misquoted in that I actually said 'could' in this presentation. i.e. "These people COULD simply drive up to a building armed with their... Apart from that it looks like a good story! Although I know of no hard evidence that this practice of wireless drive-by spamming is taking place, I would be surprised if it was not happening - given the increasing difficulties spammers face in retaining legitimate ISP access - within the more developed nations anyway. My emphasis. In other words, "drive-by spamming" is still a something that some people endlessly predict will happen if you leave your AP insecure, but of which no record exists in the wild. Adrian also said that drive-by spamming had been covered many times (true) and ZDNet was one of the most prominent new sources documenting the existence of this practice. Wait - you're using as an authority the very organisation who completely misquoted you? On the same topic? Is that wise? 2002-09-05 Drive-by Spamming Hmm. ZDNet UK is reporting that "millions of mails" are being sent by people who pull up to open wifi networks, and use them to anonymously spam. Okay, I'm suspicious. Spamming through open networks was always a theoretical possibility (indeed, I remember people referring to drive-by spamming almost as early as wardriving was coined), but I've never heard of it happening in the wild. I've just left a message with Adrian Wright, the British security expert quoted in the article, to see if he has any concrete cases. I suspect either either he's pulling the examples out of his imaginary analyst hat, or he's been misquoted. -- NYCwireless - http://www.nycwireless.net/ Un/Subscribe: http://lists.nycwireless.net/mailman/listinfo/nycwireless/ Archives: http://lists.nycwireless.net/pipermail/nycwireless/
