WhaleTech: Spam Storm brewing

2342Unsolicited emails, or SPAM, have been flowing past the usually clever anti-SPAM measures of many email systems, including those of Google.

The scary part is that they appear to be accessing the address book.

As incredible as that sounds, similar stories are being reported from other corners of the Internet

Kiwi internet users are complaining of hundreds of spam emails being sent out from servers overnight.

The issue appears to affect yahoo and xtra accounts.

Emails containing spam links have been sent to people on users’ address lists.

ONE News has received dozens of the emails, and people have reported similar problems on message boards and Twitter.

This is a massive push using some very smart email address matching technology.  Early analysis seems to show that they are able to match addresses that are likely to be known to each other.  It then sends you a spam email with about half a dozen addresses in the To field, and with some luck, one of them matches someone you know.

This has organised crime written all over it.  

The next step is that the links in the spam emails point to compromised web servers.  Those subsequently redirect you to another compromised web server.

As I said, this is a massive push with quite a significant amount of effort behind it.

At the moment, the next destination for the emails analysed point here:



As you can see, it’s dynamically personalised using your IP to look up your likely location.

This example uses a stolen CNBC page, with all the links pointing back to itself, except for this one:



From that page, it appears stolen web pages from other major news organisations are also in play.  These are obviously used to provide an air of legitimacy to the offer.

You finally arrive at the bit that they want


Once you submit that form you get to sign up for real.

For what exactly?

Here’s the two-pronged attack

  1. They take your credit card details
  2. They recruit you to start posting spam links on their behalf (genius!)

We finally arrive at the money shot


Only USD$99 to join, and look at all that free “Value” you are getting.

For obvious reasons, I didn’t get past that part of the process – not going to throw money away and then have to cancel my credit card.

But this is kind of funny – if you try to close the page, up to two times, it will give you discounts for not leaving yet



Anyway, it’s annoying.  Nothing new there.

The appearance that they managed to access your address book is initially disconcerting, but the idea that they hacked GMail as well as several local ISPs is pretty unlikely.

Where they have stepped things up is the tech where they are matching likely email addresses with others, hoping to match one that really is in your address book – thereby dropping the guard on any spam protection measures you may be using.

Next, they have a number of compromised web servers, so as soon as the current one is shut down, the next wave of emails with the next server will be deployed, keeping it all going.

They’re harvesting names, email addresses and contact phone numbers before you even get to the credit card page, and if you’re dumb enough to fill that in, you also give up your full address, more phone numbers and your credit card details, including the security verification value.

The trick will be to shut down workinghomedigit.com, and it’s associated domains.


Good luck with that.


Do you want:

  • ad-free access?
  • access to our very popular daily crossword?
  • access to Incite Politics magazine articles?

Silver subscriptions and above go in the draw to win a $500 prize to be drawn at the end of March.

Not yet one of our awesome subscribers? Click Here and join us.