"Oh dear, look what they've done now... "
If you got just that plus a link in an email from a friend, would you click on it without asking any further questions? Almost certainly not, I'd hope, at least without having a long look at the URL. What if it came via IM from your best buddy? I'd probably have just gone ahead — and risked getting hit by one of the increasing number of IM viruses that grab a buddy list and send out fake messages linking to copies of itself. So far, I think I'd be OK in real life — if only because none of my regular correspondents would say anything so gauche as "LOL! Check this out!", which appears to be the standard message on the IM virus. But if these virus writers ever achieve basic literacy, we're sunk.
That appears to be the message behind the story of the latest crop of Sober viruses. These have a plausible message about school reunion photographs — are you the person we're missing from the attached pic? Quite a few journalists have been caught out by a similar scam which also has a fake link to a picture, but claims that "We want to use this picture of yours for a story in our publication. Can you check that this is OK and let us know?"
The only thing more dangerous would be a promise to help you finish that mouldering novel, a temptation that would probably snaffle the 99.9 percent of hacks who have just such a thing floating around their hard disks (the other 0.1 percent have finished theirs, and thus deserve to be infected by anything nasty that's floating around).
Good news of a sort: if social engineering of this level is needed to get malware around the place now, then plain dumb isn't cutting it any more. And many malware creators are plain dumb — or at least so bad at colloquial English that they can't appear too clever. They're screened out.
If faced with this sort of resistance to their products, a business would go out and find a marketing and communications company with some bright young Turk who could write vivid, exciting, targeted prose that would have people queuing up to take part. As many of these malware practitioners are part of business concerns, then this is their next logical step.
And after that? AIs, mate, that hang around monitoring chat rooms and learn writing styles before going on the attack. Is there anyone out there who doesn't think that the first use of commercial-grade thinking machines will be to talk us into doing stuff we shouldn't?
One's popped up right now. It's suggesting I put down the keyboard and go to the pub.
I shall bow to the inevitable. Less painful that way.