Re: CERT Advisory CA-2004-02 Email-borne Viruses

2004-01-27 20:56:51

Unsolicited email messages containing attachments are sent to unsuspecting recipients. They may contain a return address, a provocative envelope, or something else that encourages its receiver to open it. This technique is called social engineering. Because we are trusting and curious, social engineering is often effective. The widespread impact of these latest viruses, which rely on human intervention to spread, demonstrates the effectiveness of social

Well, they rely on a combination of human intervention -- in that they require humans to actually "open" the attachment -- and violations of the MIME specification by the recipient's MUA.

A big part of the problem is that when the message attachment is opened, the MUA then executes the content, despite the admonition of the MIME specifications that

(a) an MUA should not allow the sender of a message to specify what action the recipient takes to display the attachment (which the sender effectively does by specifying the filename suffix) and

(b) for types not known to be safe the MOST an MUA should do is to offer to save the attachment in a file.
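
Points (a) and (b) in the reply above, as an added example that is not part of the original message: a Python sketch of an MUA choosing its action from the declared Content-Type alone, never from the sender-supplied filename. The allowlist `SAFE_INLINE_TYPES`, the function `attachment_actions` and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Hypothetical allowlist: types this MUA renders with its own built-in viewer.
SAFE_INLINE_TYPES = {"text/plain", "image/png", "image/jpeg", "image/gif"}

# Constructed sample message: two attachments whose filename suffixes
# disagree with, or say more than, their declared MIME types.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain; charset="us-ascii"

See attached.
--BOUND
Content-Type: application/octet-stream; name="report.txt.pif"
Content-Disposition: attachment; filename="report.txt.pif"

constructed-bytes
--BOUND
Content-Type: image/png; name="logo.exe"
Content-Disposition: attachment; filename="logo.exe"

constructed-bytes
--BOUND--
"""

def attachment_actions(raw):
    """Return [(filename, declared_type, action)] for each leaf MIME part."""
    msg = message_from_string(raw, policy=default)
    actions = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # Point (a): the filename is reported for the user's benefit only;
        # its suffix never selects a handler or an OS "open" action.
        name = part.get_filename()
        # Point (b): a type not known to be safe gets, at most, an offer to save.
        action = "display" if ctype in SAFE_INLINE_TYPES else "offer-save"
        actions.append((name, ctype, action))
    return actions
```

Here `logo.exe` is handed to the built-in image viewer because it was declared `image/png`, so its suffix is never given to the operating system to act on, and `report.txt.pif` is only ever offered for saving.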

