Next Microsoft worm arrives

This evening, a funny message headed “From Microsoft Security Department” arrived in my (Mac!) inbox. It had lots of Microsoft-type graphics, plus helpful text. “This is the latest version of security update, the September 2003 Cumulative Update”, it read, “which resolves all known security vulnerabilities affecting MS Internet Explorer, MS Outlook and MS Outlook Express… Install now to maintain the security of your computer from these vulnerabilities, the most serious of which could allow an [sic] malicious user to run executable on your system…”. Etc. etc. At the end, of course, is the executable file that does the damage.

It’s the Swen or Gibe worm. According to the BBC, the worm switches off any anti-virus or firewall software and mails itself to addresses it finds on the victim’s computer. It also installs various files to make sure that it is run every time the computer boots up. “According to e-mail filtering firm, MessageLabs, the first copies originated from Slovakia on 14 September, with some later coming from the Netherlands.”

Two questions: (1) Who would be taken in by this (especially when you see that the actual message source is “grahggimbgmve_ynpekspq@updates_msn.net”? (2) Why can’t the virus writers take the trouble to get their grammar right?