humble3d Posted December 20, 2014

50+ File Extensions That Are Potentially Dangerous on Windows

Most people know that .exe files are potentially dangerous, but that isn’t the only file extension to beware of on Windows. There are a variety of other potentially dangerous file extensions – more than you might expect.

So Why Would I Want to Know Which Files are Dangerous?

http://www.howtogeek.com/137270/50-file-extensions-that-are-potentially-dangerous-on-windows/
The Nude Dude Posted December 20, 2014

50+ File Extensions That Are Potentially Dangerous on Windows

Most people know that .exe files are potentially dangerous, but that isn’t the only file extension to beware of on Windows. There are a variety of other potentially dangerous file extensions – more than you might expect.

So Why Would I Want to Know Which Files are Dangerous?

It’s important to know which file extensions are potentially dangerous when deciding whether a file attached to an email or downloaded from the web is safe to open. Even screen saver files can be dangerous on Windows.

When you encounter one of these files, you should take extra care to make sure that you are protected. Scan with your preferred anti-virus product, or even upload it to a service like VirusTotal to make sure that there aren’t any viruses or malware.

Obviously you should always have your anti-virus software running and active, and protecting you in the background — but knowing more about some uncommon file extensions can be useful in preventing something bad from happening.

Why is a File Extension Potentially Dangerous?

These file extensions are potentially dangerous because they can contain code or execute arbitrary commands. An .exe file is potentially dangerous because it’s a program that can do anything (within the limits of Windows’ User Account Control feature). Media files – like .JPEG images and .MP3 music files – are not dangerous because they can’t contain code.

(There have been some cases where a maliciously crafted image or other media file can exploit a vulnerability in a viewer application, but these cases are rare and are patched quickly.)

With that in mind, it’s important to know just what types of files can contain code, scripts, and other potentially dangerous things.

Programs

.EXE – An executable program file. Most of the applications running on Windows are .exe files.
.PIF – A program information file for MS-DOS programs. While .PIF files aren’t supposed to contain executable code, Windows will treat .PIFs the same as .EXE files if they contain executable code.
.APPLICATION – An application installer deployed with Microsoft’s ClickOnce technology.
.GADGET – A gadget file for the Windows desktop gadget technology introduced in Windows Vista.
.MSI – A Microsoft installer file. These install other applications on your computer, although applications can also be installed by .exe files.
.MSP – A Windows installer patch file. Used to patch applications deployed with .MSI files.
.COM – The original type of program used by MS-DOS.
.SCR – A Windows screen saver. Windows screen savers can contain executable code.
.HTA – An HTML application. Unlike HTML applications run in browsers, .HTA files are run as trusted applications without sandboxing.
.CPL – A Control Panel file. All of the utilities found in the Windows Control Panel are .CPL files.
.MSC – A Microsoft Management Console file. Applications such as the group policy editor and disk management tool are .MSC files.
.JAR – .JAR files contain executable Java code. If you have the Java runtime installed, .JAR files will be run as programs.

Scripts

.BAT – A batch file. Contains a list of commands that will be run on your computer if you open it. Originally used by MS-DOS.
.CMD – A batch file. Similar to .BAT, but this file extension was introduced in Windows NT.
.VB, .VBS – A VBScript file. Will execute its included VBScript code if you run it.
.VBE – An encrypted VBScript file. Similar to a VBScript file, but it’s not easy to tell what the file will actually do if you run it.
.JS – A JavaScript file. .JS files are normally used by webpages and are safe if run in Web browsers. However, Windows will run .JS files outside the browser with no sandboxing.
.JSE – An encrypted JavaScript file.
.WS, .WSF – A Windows Script file.
.WSC, .WSH – Windows Script Component and Windows Script Host control files. Used along with Windows Script files.
.PS1, .PS1XML, .PS2, .PS2XML, .PSC1, .PSC2 – A Windows PowerShell script. Runs PowerShell commands in the order specified in the file.
.MSH, .MSH1, .MSH2, .MSHXML, .MSH1XML, .MSH2XML – A Monad script file. Monad was later renamed PowerShell.

Shortcuts

.SCF – A Windows Explorer command file. Could pass potentially dangerous commands to Windows Explorer.
.LNK – A link to a program on your computer. A link file could potentially contain command-line attributes that do dangerous things, such as deleting files without asking.
.INF – A text file used by AutoRun. If run, this file could potentially launch dangerous applications it came with or pass dangerous options to programs included with Windows.

Other

.REG – A Windows registry file. .REG files contain a list of registry entries that will be added or removed if you run them. A malicious .REG file could remove important information from your registry, replace it with junk data, or add malicious data.

Office Macros

.DOC, .XLS, .PPT – Microsoft Word, Excel, and PowerPoint documents. These can contain malicious macro code.
.DOCM, .DOTM, .XLSM, .XLTM, .XLAM, .PPTM, .POTM, .PPAM, .PPSM, .SLDM – New file extensions introduced in Office 2007. The M at the end of the file extension indicates that the document contains Macros. For example, a .DOCX file contains no macros, while a .DOCM file can contain macros.

This isn’t an exhaustive list. There are other types of file extensions – like .PDF – that have had a string of security problems. However, for most of the file types above, there’s just no securing them. They exist to run arbitrary code or commands on your computer.

As if the amount of potentially dangerous file extensions to keep track of wasn’t enough, a vulnerability in Windows allows malicious individuals to disguise programs with fake file extensions.
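
Added example (not part of the post above or of the quoted article): a Python check that classifies attachment file names against the extension list quoted above, the kind of test a mail filter could apply before delivery. The `DECOYS` set, the finding labels and the sample names are assumptions made for this example, and the format-character check is one general way to spot disguised names rather than the specific Windows issue the article alludes to.

```python
import unicodedata

# Extensions from the list quoted in the post above, grouped by its headings.
RISKY = {
    "programs": "exe pif application gadget msi msp com scr hta cpl msc jar",
    "scripts": ("bat cmd vb vbs vbe js jse ws wsf wsc wsh ps1 ps1xml ps2 ps2xml "
                "psc1 psc2 msh msh1 msh2 mshxml msh1xml msh2xml"),
    "shortcuts": "scf lnk inf",
    "other": "reg",
    "office_macros": ("doc xls ppt docm dotm xlsm xltm xlam pptm potm ppam "
                      "ppsm sldm"),
}
CATEGORY = {ext: cat for cat, exts in RISKY.items() for ext in exts.split()}

# Assumption: harmless-looking extensions often placed before the real one.
DECOYS = {"jpg", "jpeg", "png", "mp3", "pdf", "txt", "docx"}


def classify(filename):
    """Return findings for one attachment name; an empty list means no match."""
    findings = []
    # Unicode format characters (category Cf, e.g. U+202E) are invisible and
    # can reorder how a name is displayed, so the shown extension may be fake.
    is_format = lambda ch: unicodedata.category(ch) == "Cf"
    if any(is_format(ch) for ch in filename):
        findings.append("hidden-format-char")
    name = "".join(ch for ch in filename if not is_format(ch))
    # Windows drops trailing dots and spaces, so "a.scr. " opens as "a.scr".
    parts = name.rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in CATEGORY:
        return findings
    findings.append("risky:" + CATEGORY[parts[-1]])
    if len(parts) > 2 and parts[-2] in DECOYS:
        findings.append("double-extension")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    for sample in ["Report.PDF", "invoice.pdf.exe", "holiday.SCR. ",
                   "photo\u202egpj.exe", "budget.xlsm"]:
        print(repr(sample), classify(sample))
```

A match means only that the file type can carry code; the file still needs scanning, as the quoted article advises.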
SnakeMasteR Posted December 20, 2014

Finally someone who knows how to properly copy&paste and hijack OP's topic, good job!
banned Posted December 20, 2014

It would have been easier just to list the file extensions that aren't potentially dangerous on Windows, but I guess it would have made for an extremely boring list with nothing on it.
The Nude Dude Posted December 21, 2014

> Finally someone who knows how to properly copy&paste and hijack OP's topic, good job!

I did what the OP should have done.
humble3d Posted January 19, 2016

McAfee Flags Legitimate Websites as Infected

HISTORY REPEATS ??

The problem was caused by a buggy DAT file

Jan 3, 2008 10:34 GMT · By Bogdan Popa

McAfee managed to cause a serious problem these days as it flagged several legitimate websites as infected. According to several reports, users who installed McAfee's Antivirus were alerted that multiple pages, including Verizon Wireless, Ars Technica, Friendster and ESPN.com, got infected with JS/Exploit-BO, a dangerous Trojan horse affecting most Windows versions. Obviously, the security company has already been informed about the flaw and has released a new DAT file to correct it.

"A malicious website linked from a Google sponsored link was found to be hosting multiple web exploits. The website contained a frame that is linking to [a dangerous website], where the actual exploits and malware are hosted", McAfee wrote in the description of JS/Exploit-BO. "The main webpage that is hosting the cocktail of exploits, when browsed using Internet Explorer, was proactively detected and blocked as JS/Exploit-BO.gen by VirusScan when script scanning is enabled."

Ars Technica, one of the websites that got flagged as infected, was informed by its visitors that its content looked like it got hacked. "Reports from readers came streaming in, alerting us that Ars had been hacked. After the fifth report (in about 10 minutes), our hearts sank; maybe it's true and not some CSS problem? Everything looked okay, but dozens of readers couldn't be wrong, could they?" - Ken Fisher of Ars Technica wrote.

In case you're one of the consumers who installed McAfee's security solutions and got these alerts, you should apply the new DAT file rolled out by the security company available here.

This is not the first time when a popular antivirus solution has incorrectly flagged legitimate content as infected. Just think of Symantec and its Norton Antivirus application that issued a false alarm concerning some vital Windows files. Since they were detected as being infected, the Windows files were quarantined, a process that seriously damaged the computer.

http://news.softpedia.com/news/McAfee-Flags-Legitimate-Websites-As-Infected-75077.shtml
Holmes Posted January 19, 2016

I have to agree no risk that's off topic and I don't know why users complain about users who don't copy and paste information from the source type a description about the source what it's about and then let users click on it how difficult is it to left-click on a source to read the article users don't have to copy and paste (they can if they want don't condemn and personally attack users that don't) and humbled doesn't the McAfee post deserve its own topic.

For your information if a file's header is labeled or set to executable then technically that makes it executable.
Archived
This topic is now archived and is closed to further replies.