10.2 Binary mail attachments



A binary mail attachment is an attachment to an e-mail message that contains some binary data. The binary data, in turn, may encode anything, such as random data, structured data (e.g., data for a word processing program), or even executable code. As such, binary mail attachments encoding executable code represent the simplest class of executable or active content. The sender of an e-mail message simply attaches a program representing executable code to a message, and the recipient (manually or automatically) executes the program upon reception.

It is common practice today to use binary mail attachments to distribute simple animation programs over the Internet. In general, these programs are executed on the recipient's side without thinking about security implications. For example, it would be a fairly simple exercise for a software developer to write a program that automatically deletes all files a user running the program has access to and is authorized to delete. In fact, several programs that illustrate this possibility have already been demonstrated on the Internet. In theory, these programs are well suited to increase the awareness of the problem of binary mail attachments among e-mail users. In practice, however, these programs are not very effective, and users continue to redistribute binary mail attachments they like to their colleagues and friends. This is worrisome, to say the least.

More recently, many Internet security incidents reported in the media have been caused by malicious software (e.g., Internet worms) that is able to replicate itself. You may remember the Love Letter worm that hit the Internet in 2000. [4] Since then, many Internet worms have employed binary mail attachments that are sent to arbitrary e-mail addresses found in electronic address books. If a recipient of such a message opens the attachment, it is usually executed by some preconfigured program. [5] Sometimes it is not even necessary that the recipient open the attachment, because his or her user agent is configured in a way that invokes a program that matches the MIME type of the message and automatically displays (i.e., previews) it. This possibility should be kept in mind when configuring a user agent to preview incoming messages.

In summary, the use of a binary mail attachment should be considered with care. Every user should understand that the attachment he or she receives need not originate from the claimed source, and that it is executed with his or her privileges. As such, it can do anything he or she is authorized to do (including, for example, the deletion of data files). Once this is understood, it is possible and likely that users will get more concerned about the security implications of binary mail attachments, and that they will actually try to avoid them.
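
The MIME type a user agent relies on to pick a handler is declared by the sender, so it is worth checking against the attachment's actual content before anything is opened or previewed. The following Python code is an added example, not taken from the book; the extension list, the magic-byte table, the "application/" rule and the sample message are assumptions constructed for illustration.

```python
# Added example: triage attachments before any viewer or handler is invoked.
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy values for illustration; tune them for your environment.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".jar"}
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"#!": "script with interpreter line"}

def sniff(payload: bytes):
    """Return a label if the leading bytes look like executable content."""
    for magic, label in MAGIC.items():
        if payload.startswith(magic):
            return label
    return None

def triage(raw: bytes):
    """Return (filename, declared_type, reasons) per attachment; empty reasons = no finding."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ctype = part.get_content_type()          # sender-controlled label
        payload = part.get_payload(decode=True) or b""
        reasons = []
        # Only the last extension decides which program the OS would start.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXT:
            reasons.append(f"risky extension {ext}")
        kind = sniff(payload)
        if kind:
            reasons.append(f"content is {kind}")
            # Assumption: executables are expected under application/* only.
            if not ctype.startswith("application/"):
                reasons.append(f"declared {ctype} does not match content")
        findings.append((name, ctype, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed sample: one plain text file, one PE header stub labelled as an image."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "constructed sample"
    m.set_content("see attached")
    m.add_attachment("hello\n", filename="notes.txt")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="image", subtype="jpeg",
                     filename="animation.jpg.exe")
    return m.as_bytes()

if __name__ == "__main__":
    for name, ctype, reasons in triage(build_sample()):
        print(name, ctype, "; ".join(reasons) or "no finding")
```

A mail gateway or user agent could use such findings to withhold preview and automatic handler invocation for flagged parts.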

[4] http://www.cert.org/advisories/CA-2000-04.html

[5] The program is preconfigured to be used for a specific MIME type.




Security Technologies for the World Wide Web, Second Edition
ISBN: 1580533485
EAN: 2147483647
Year: 2003
Pages: 142
Authors: Rolf Oppliger
