Dangerous File Extensions
Modern operating systems provide many mechanisms which help users avoid malicious files and computer infections. But still it is relatively easy for a user to download and launch a file which when run will infect computer with a virus. That’s why it is important to be aware what kind of files could be dangerous to download from the internet and why.
Below you will find a list of file extension which are most frequently used as vectors for attacks on computers:
- EXE, COM, SCR – executable files for Windows. If permitted to launch as Administrator can perform almost any action on target computer. Do not run executable files downloaded from the internet without checking them by antivirus software. Or even better do not run any executable files downloaded from not trusted sites at all. Executable files ran in Administrator mode have full control of your computer and can install any code on any subsystem of the operating system.
- APP – executable file for Mac OS. If permitted to run could cause significant damage to target computer.
- DLL – dynamic link libraries for Windows. Will not run if double clicked but can be used by viruses to store executable code. Also viruses can replace legitimate DLL files with infected. In that case virus removal software will quarantine such DLLs but this may cause infected software to become unusable.
- BAT, CMD – command line script files for Windows. When launched can either perform malicious file or registry operations on the target operating system or launch a malicious software.
- VBS – Scripts written in Visual Basic. When double clicked on Windows script will start executing. Many computer worms which made serious damage on the internet were written in Visual Basic scripting language.
- XLS, DOC, XLSX, DOCX – Modern document file formats allow scripts to be stored inside to simplify complex document processing. While very useful macros could prove to be very dangerous since they have access to certain computer subsystems which allow them to perform malicious actions on target computer and distribute themselves to other computers.