What is drive-by spamming? - Definition from Whatis.com

Drive-by spamming is a variation of drive-by hacking in which the perpetrators gain access to a vulnerable wireless local area network (WLAN) and use that access to send huge volumes of spam. Using the drive-by method allows spammers to save themselves the considerable bandwidth costs required to send that many messages legitimately, and makes it very difficult for anyone to trace the spam back to its source.

A drive-by spamming incident starts with war

Learn More

driving: driving around seeking insecure networks, using a computer equipped with a wireless Ethernet card and some kind of an antenna. A wireless LAN's range often extends beyond the building housing it, and the network may broadcast identifying information that makes access simple. Once the attacker finds an unprotected e-mail (SMTP) port, the attacker can send e-mail as easily as someone inside the building. To the mail server, the messages appear to have come from an authorized network user.

According to a report in Geek News, 60-80% of wireless LANS are vulnerable to a drive-by attack, mostly because administrators fail to change the default settings for network access points (devices that serve as base stations in a wireless network) when configuring the network.

This was last updated in April 2003

Dig Deeper

  • In-the-cloud defenses for mobile malware

    Mobile antivirus programs apply laptop best practices to PDAs and smartphones, but there are many other ways to protect corporate assets from mobile malware. Complementary "in the cloud" defenses include enterprise sync servers, network gateways and wireless services that incorporate mobile malware filtering. Learning from experience: Our decade-long fight against Win32 malware has shown that PC-resident virus/spyware scanners and spam/phishing filters are necessary but inefficient. Keeping those programs and signatures current has become an onerous, time-sensitive chore.

  • iPhone encryption is a must for the security-conscious enterprise

    Apple is advertising the iPhone 3G as something that consumers can use at work. IT managers with high security requirements beg to differ. They want full device encryption and centralized policy enforcement before they'll even let one in the building.

  • Avoiding data breaches through mobile encryption

    Compare mobile encryption alternatives and their ability to prevent stored data theft, reducing the biggest risk posed by lost or stolen devices, in this tip.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com