A list of dangerous file extensions

Thursday 4 August 2011

Here's the secret

.386
Windows Enhanced Mode Driver. A device driver is executable code and, as such, can be infected and should be scanned.

.ADE
Microsoft Access Project Extension. Use of macros makes this vulnerable.

.ADP
Microsoft Access Project. Use of macros makes this vulnerable.

.ADT
Abstract Data Type. According to Symantec these are database-related program files.

.APP
Application File. Associated with a variety of programs; these files interact with such things as database programs to make them look like standalone programs.

.ASP
Active Server Page. Combination program and HTML code.

.BAS
Microsoft Visual Basic Class Module. These are programs.

.BAT
Batch File. These are text files that contain system commands. There have been a few batch file viruses but they are not common.

.BIN
Binary File. Can be used for a variety of tasks and is usually associated with a program. As with an overlay file, it's possible to infect .BIN files, but it is not likely.

.BTM
4DOS Batch To Memory Batch File. Batch file that could be infected.

.CBT
Computer Based Training. It's never been made clear why or how these can become infected but Symantec includes them in their default listing.

.CHM
Compiled HTML Help File. Use of scripting makes these vulnerable.

.CLA
.CLASS
Java Class File. Java applets are supposed to be run in a "sandbox" and thus be isolated from the system. However, users can be tricked into running an applet in a mode that the sandbox considers "secure" so Class files should be scanned.

.CMD
Windows NT Command Script. A batch file for NT.

.COM
Command (Executable File). Any executable file can be infected in a variety of ways.

.CPL
Control Panel Extension. Similar to a device driver which is executable code and, as such, can be infected and should be scanned.

.CRT
Security Certificate. Can have code associated with it.

.CSC
Corel Script File. A type of script file that is executable. Any executable should be scanned.

.CSS
Hypertext Cascading Style Sheet. Style sheets can contain code.

.DLL
Dynamic Link Library. Can be used for a variety of tasks associated with a program. DLLs typically add functions to programs. Some contain executable code; others simply contain functions or data but you can't tell by looking so all DLLs should be scanned.

.DOC
MS Word Document. Word documents can contain macros that are powerful enough to be used for viruses and worms.

.DOT
MS Word Document Template. Word templates can contain macros that are powerful enough to be used for viruses and worms.

.DRV
Device Driver. A device driver is executable code and, as such, can be infected and should be scanned.

.EML or
.EMAIL
MS Outlook Express E-mail. E-mail messages can contain HTML and scripts. Many viruses and worms use this vector.

.EXE
Executable File. Any executable file can be infected in a variety of ways.

.FON
Font. Believe it or not, a font file can have executable code in it and therefore can be infected.

.HLP
Help File. Help files can contain macros. They are not a common vector but have housed a Trojan or two.

.HTA
HTML Program. Can contain scripts.

.HTM
.HTML
Hypertext Markup Language. HTML files can contain scripts, which are increasingly becoming vectors.

.INF
Setup Information. Setup scripts can be changed to do unexpected things.

.INI
Initialization File. Contains program options.

.INS
Internet Naming Service. Can be changed to point to unexpected places.

.ISP
Internet Communication Settings. Can be changed to point to unexpected things.

.JS
.JSE
JavaScript. As script files become vectors more often it's best to scan them. (.JSE is encoded. Also keep in mind that these can have other, random, extensions!)

.LIB
Library. In theory, these files could be infected but to date no LIB-file virus has been identified.

.LNK
Link. Can be changed to point to unexpected places.

.MDB
MS Access Database or MS Access Application. Access files can contain macros that are powerful enough to be used for viruses and worms.

.MDE
Microsoft Access MDE database. Macros and scripts make this vulnerable.

.MHT
.MHTM
.MHTML
MHTML Document. This is an archived Web page. As such it can contain scripts which can be infected.

.MP3
MP3 Program. While actual music files cannot be infected, files with .mp3 extensions can contain macro code that the Windows or RealNetworks media players will interpret and run. So, .mp3 files have expanded beyond pure music.

.MSO
Math Script Object. According to Symantec these are database-related program files.

.MSC
Microsoft Common Console Document. Can be changed to point to unexpected places.

.MSI
Microsoft Windows Installer Package. Contains code.

.MSP
Microsoft Windows Installer Patch. Contains code.

.MST
Microsoft Visual Test Source Files. Source can be changed.

.OBJ
Relocatable Object Code. Files associated with programs.

.OCX
Object Linking and Embedding (OLE) Control Extension. A program that can be downloaded from a Web page.

.OV?
Program File Overlay. Can be used for a variety of tasks associated with a program. Overlays typically add functions to programs. It's possible to infect overlay files, but it is not likely.

.PCD
Photo CD MS Compiled Script. Scripts are vulnerable.

.PGM
Program File. Associated with a variety of programs; these files interact with such things as database programs to make them look like standalone programs.

.PIF
MS-DOS Shortcut. If changed can run unexpected programs.

.PPT
MS PowerPoint Presentation. PowerPoint presentations can contain macros that are powerful enough to be used for viruses and worms.

.PRC
PalmPilot Resource File. A PDA program (yes, there are rare PDA viruses).

.REG
Registry Entries. If run these change the registry.

.RTF
Rich Text Format. A format for transmitting formatted text usually assumed to be safe. Binary (and infected) objects can be embedded within RTF files, however, so, to be safe, they should be scanned. RTF files can also be DOC files renamed and Word will open them as DOC files.

.SCR
Screen Saver or Script. Screen savers and scripts are both executable code. As such either may contain a virus or be used to house a worm or Trojan.

.SCT
Windows Script Component. Scripts can be infected.

.SHB
.SHS
Shell Scrap Object File. A scrap file can contain just about anything from a simple text file to a powerful executable program. They should generally be avoided if one is sent to you but are routinely used by the operating system on any single system.

.SMM
Ami Pro Macro. Rare, but can be infected.

Source
Source Code. These are program files that could be infected by a source code virus (these are rare). Unless you are a programmer these likely won't be a concern. Extensions include, but are not limited to: .ASM, .C, .CPP, .PAS, .BAS, .FOR.

.SYS
System Device Driver. A device driver is executable code and, as such, can be infected and should be scanned.

.URL
Internet Shortcut. Can send you to any unexpected Web location.

.VB
.VBE
VBScript File. Scripts can be infected. (.VBE is encoded.)

.VBS
Visual Basic Script. A script file may contain a virus or be used to house a worm or Trojan.

.VXD
Virtual Device Driver. A device driver is executable code and, as such, can be infected and should be scanned.

.WSC
Windows Script Component. Scripts can be infected.

.WSF
Windows Script File. Scripts can be infected.

.WSH
Windows Script Host Settings File. Settings can be changed to do unexpected things.

.XL?
MS Excel File. Excel worksheets can contain macros that are powerful enough to be used for viruses and worms.
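
The list uses `?` as a single-character wildcard (.OV?, .XL?), and the .RTF entry notes that a renamed DOC file will still open as a DOC. The following is an added example, not part of the original post, of an attachment check that handles both; the `LISTED` subset, the function names and the sample data are constructed for illustration.

```python
import fnmatch
import os

# Subset of the extensions listed above, lower-cased. "?" is the list's own
# single-character wildcard and maps directly onto fnmatch syntax.
LISTED = [".bat", ".chm", ".cmd", ".com", ".doc", ".dot", ".exe", ".hta",
          ".js", ".jse", ".lnk", ".ov?", ".pif", ".rtf", ".scr", ".vbs",
          ".xl?"]

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy DOC/XLS/PPT container
RTF_MAGIC = b"{\\rtf"                           # every RTF file starts this way


def listed_pattern(filename):
    """Return the listed pattern that the final extension matches, or None."""
    ext = os.path.splitext(filename)[1].lower()
    for pat in LISTED:
        if fnmatch.fnmatchcase(ext, pat):
            return pat
    return None


def classify(filename, head):
    """Return (pattern, notes) for an attachment name and its first bytes."""
    notes = []
    ext = os.path.splitext(filename)[1].lower()
    if ext == ".rtf":
        # The name alone is not trustworthy: compare it with the content.
        if head.startswith(OLE2_MAGIC):
            notes.append("named .rtf but content is an OLE2 document (renamed DOC)")
        elif not head.startswith(RTF_MAGIC):
            notes.append("named .rtf but content is not RTF")
    return listed_pattern(filename), notes


# Constructed sample attachments: (name, first bytes of content).
SAMPLES = [
    ("invoice.rtf", b"{\\rtf1\\ansi Hello}"),
    ("invoice2.rtf", OLE2_MAGIC + b"\x00" * 8),
    ("setup.OVL", b"MZ"),
    ("budget.xls", OLE2_MAGIC),
    ("notes.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, classify(name, head))
```

A file flagged as a renamed DOC should be scanned as a Word document, macros included, rather than as plain RTF.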