Unsolicited email messages containing attachments are sent
to unsuspecting recipients. They may contain a return
provocative envelope, or something else that encourages its
to open it. This technique is called social engineering. Because
are trusting and curious, social engineering is often effective.
widespread impact of these latest viruses, which rely on
intervention to spread, demonstrates the effectiveness of

Well, they rely on a combination of human intervention -- in that they
require humans to actually "open" the attachment -- and violations of
the MIME specification by the recipient's MUA.
A big part of the problem is that when the message attachment is
opened, the MUA then executes the content, despite the admonition of
the MIME specifications that
(a) an MUA should not allow the sender of a message to specify what
action the recipient takes to display the attachment (which the sender
effectively does by specifying the filename suffix) and
(b) for types not known to be safe the MOST an MUA should do is to
offer to save the attachment in a file.
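
The handling rule in points (a) and (b) above, as an added example that is not part of the original message: Python code contrasting a handler that keys on the sender's filename suffix with one that keys only on the declared MIME type. The `KNOWN_SAFE` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_string

# Assumption: types this hypothetical MUA renders with its own built-in viewers.
KNOWN_SAFE = {"text/plain", "image/gif", "image/jpeg", "image/png"}

def suffix_driven(part):
    """Behaviour criticised above: the sender-chosen filename selects the action."""
    ext = os.path.splitext(part.get_filename() or "")[1].lower()
    return "os-handler:" + ext if ext else "display"

def type_driven(part):
    """Points (a) and (b): never consult the filename; unknown types are save-only."""
    ctype = part.get_content_type()  # declared type, lower-cased by the parser
    return "display:" + ctype if ctype in KNOWN_SAFE else "offer-save"

def plan(raw, policy):
    """Return (filename, action) for every leaf MIME part of a raw message."""
    msg = message_from_string(raw)
    return [(p.get_filename(), policy(p)) for p in msg.walk() if not p.is_multipart()]

# Constructed sample message: a body, a script named like a text file,
# and an opaque blob named like a picture.
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: text/plain
Content-Disposition: attachment; filename="note.txt.vbs"

' constructed sample, inert
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="holiday.jpg"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    for policy in (suffix_driven, type_driven):
        print(policy.__name__, plan(SAMPLE, policy))
```

Under the type-driven policy the `.vbs` part is only ever shown as plain text, and the `application/octet-stream` part is offered for saving no matter what its filename claims.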