All the refinements

The German stock spam business continues to evolve. I've just seen the first image-based German-language stock spam, pushing Stonebridge Resources (a US company traded on German exchanges, now shaping up to become as big a feature on the German stock spam scene as it is on the US).

Interestingly, the German-language Stonebridge spam is hitting a different spamtrap address from most of the other German-language stock spam. Moreover, the spam was apparently sent using the same ratware used by the spammer who is currently pushing Voice Diary Inc to US investors. This tends to support the theory that some of those engaged in spamming US stocks are now dipping their toes in the German market.

D., the German reader whose comments on German-language spam I quoted in a previous post, had some further comments to make. He noted that while spam promoting S3C.F and IWRS.PK was apparently not written by a native speaker of German, most of the other German-language stock spam he has seen had almost no grammatical and spelling errors. It begins to look as if there are at least two stock spammers active in the German market now. One, writing good German and promoting German stocks, is hitting one of my spamtraps; the other, writing poor German and promoting mostly (but not exclusively) stocks with ties to the US, is hitting a different spamtrap.

But wait — there's more. That second spamtrap only gets a small amount of spam. Recent items have included spam for VCDY.OB (another data point to suggest that the same spammer is promoting VCDY.OB and S3C.F) and, interestingly, a batch of domains linked to ourtopgainers.com.

ourtopgainers.com and its morphs appear to have been a short-lived experiment by a stock spammer to recruit more suckers for their scheme by inviting recipients to sign up for a 'free hot stock tip newsletter'. Stylistic features of the messages linked them to an active stock spammer, while the domains themselves were mostly hosted by global-hosting.ru. One of the domains was registered to one 'Sergey Serebryakov' (presumably an invented name).

The connections are all so slight and circumstantial that this hardly deserves to be called evidence. Nevertheless, the scattered data points do add up to a consistent picture that suggests that one of the major stock spammers active in the US market is now dabbling in German markets as well.

Incidentally, their activities have been noted by others. A Sophos press release says:

Yesterday, SophosLabs experts identified an active spam campaign encouraging German investors to buy shares in [Stonebridge Resources] ... "This is the first time we have seen a widespread spam campaign trying to influence a stock market based outside of the USA, and German language users may be at risk of losing money," said Graham Cluley, senior technology consultant for Sophos

Sophos appear to be a little behind the curve on this one. The first of the new German-language stock spams to hit our traps did so on the 22nd of February, and by the second week in March we'd seen enough similar spams to make it clear that it was the start of a wave rather than an isolated incident. (The Sophos release only mentions Stonebridge, and doesn't discuss any of the other spammed stocks.) Maybe I should start sending out press releases instead of writing blog entries.
