Viruses and File Extensions

Over the years, the number of file formats that can carry and run malicious code has increased. Today in Oxygen3 254h-365d we are going to look at the file formats and extensions commonly used by viruses.

The first generation of computer viruses was more or less limited to hiding in the boot sector of disks and in executable files with .COM and .EXE extensions. There were other possible hosts, but these created more difficulties and, in particular, prevented the virus from spreading to any significant extent.

The emergence of macro viruses greatly increased the number of potentially dangerous file extensions and had a particular impact on Microsoft Office formats. The first macro viruses affected both the documents (.DOC) and the templates (.DOT) in Word. However, it didn’t take long before new strains appeared affecting the other Microsoft Office applications (.XLS, .MDB, .PPT, etc.).

The growing popularity of the Internet was accompanied by the appearance of worms, such as the infamous “ILoveYou”, which were written in the Visual Basic Script (.VBS) programming language. At the same time, malicious code started to spread using files with a double extension (.TXT.VBS, .JPG.VBS, etc.) to trick users into thinking they had received a file with a harmless extension.

Nowadays there is a wide range of file formats and extensions that can actively host a virus. For example, some of the new extensions used by latest-generation worms, such as Klez, correspond to screen savers (.SCR) or shortcuts in MS-DOS (.PIF).
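The filter below is an added example, not part of the original article: it classifies attachment names using the extensions named above and flags the double-extension trick at a mail gateway or file share. The decoy list, the function names and the sample filenames are constructed for illustration.

```python
import ntpath

# Extensions the article names as able to run code when opened.
EXECUTABLE = {".com", ".exe", ".vbs", ".scr", ".pif"}
# Macro-capable Office formats the article names.
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".mdb", ".ppt"}
# Assumption: extensions a user is likely to read as harmless.
DECOY = {".txt", ".jpg", ".jpeg", ".gif", ".png", ".pdf", ".mp3"} | MACRO_CAPABLE


def classify(filename):
    """Return 'double-extension', 'executable', 'macro-capable' or 'other'."""
    # Attachment names may carry a path; keep only the last component.
    name = ntpath.basename(filename)
    # Windows drops trailing dots and spaces from names, so the effective
    # extension is whatever remains after stripping them.
    name = name.rstrip(". ").lower()
    stem, ext = ntpath.splitext(name)
    if ext in EXECUTABLE:
        # Padding between the decoy and the real extension pushes the real
        # one out of view in narrow dialogs; strip it before checking.
        inner = ntpath.splitext(stem.rstrip(". "))[1]
        return "double-extension" if inner in DECOY else "executable"
    if ext in MACRO_CAPABLE:
        return "macro-capable"
    return "other"


def quarantine_list(filenames):
    """Names that should not be delivered without inspection."""
    return [f for f in filenames
            if classify(f) in ("double-extension", "executable")]


# Constructed sample attachment names.
SAMPLES = [
    "invoice.txt.vbs",
    "holiday.JPG          .vbs",
    "photo.jpg.PIF. ",
    "setup.exe",
    "budget.xls",
    "notes.txt",
    "C:\\temp\\clock.scr",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):17} {sample!r}")
```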



