Geekspeak: April 1, 2002

Social engineering gives worm more crawling power.

Microsoft customer, this is the latest version of security update, the 9 mar 2002 cumulative Patch update. ... " So begins the text of W32.Gibe@mm, which first appeared early last month and has been spreading rapidly since then.

This worm, spreading through e-mail and shared network drives and installing a back door listening on port 12378 as it goes, is fairly standard. Whats interesting is the social engineering angle (an approach also used by the MyLife.B worm, which prints a "No Viruse Found" message from "MCAFEE.COM" at the end of the e-mail.

The worm relies on users fear of viruses, their growing familiarity with regular (although real) similar announcements, and their trust in Microsoft to properly research and fix these issues. Were so used to Microsoft security patches that weve become immunized to the idea of installing system-level updates on a week-by-week basis.