Going Dutch is easy on the pocket when eating out but it may also be another way to line someone else’s pockets– spammers’ pockets. Spam has gone Dutch as inboxes this November have seen a sudden influx of Dutch spam:
Trend Micro researcher Feike Hacquebord notes that even though the messages tell of a bogus nuclear power plant accident in Amsterdam (there is no nuclear power plant in Amsterdam, by the way), the grammar and spelling are fairly good- an unusual occurence in the spam business.
If one’s interest is tickled enough to visit the given links, s/he is directed to a page claiming to contain the photos of the accident. However, in order to view the photos, a plug-in must be installed. Notice that both of the messages have pages hosted at Geocities.com. Hacquebord has further dicovered that clicking the link eventually leads to the download of a iPIX-install.exe. Downloading the EXE, of course, downloads a malware to your computer. Trend Micro detects this malware as TSPY_BANCOS.EFZ. This Trojan spyware reports back information to a Turkish IP address, suspected of being part of the Storm network.
Spammers may have gone Dutch to prey on a less suspecting Internet populace, who are already wary of the usual English spam and its associated links. The move to another language may also be a sign that spammers are extending their reach to other locales, or are merely testing the waters for new avenues of spam delivery.
Either way, spam by any other language is still spam.