Possibly Malicious Executable Files and What You Should Know About Them

Virtually any file extension is potentially dangerous: a file may wreak havoc upon your hard drive, steal sensitive data, simply slow down performance or do “funny” things (hilarious probably only to those responsible for creating malware). Each and every file can be detrimental to your PC's health, so it's slightly difficult not to slip into some sort of paranoia.

When you are eye to eye with a seemingly dangerous program, the first and most important rule is to remain calm – scan it with your anti-virus application or upload it to a service such as VirusTotal.com to check it out.

Executable files are not the only source of the problem, by the way – as hackers are smart (if they weren't, we wouldn't have so many problems with malware drifting somewhere in the Web) they can disguise harmful software with fake file extensions. Even a file that looks like an .mp3 may in fact be an executable program. By using a certain Unicode character in the file name, hackers make text appear in reverse order. And the simplest way of turning a malicious file into a seemingly innocent one is by adding a well-known extension, such as .jpg or .txt, to the name of the file – since some of us do not have the “show the extension” option ticked, newbies especially can easily get screwed.

So what are the possible sources of havoc? These files can be divided into a few main groups, namely programs, scripts, shortcuts and Office suite macros.

Programs are what you usually install on your PC. Apart from the standard .exe files, you may encounter .pif and .com files (used by MS-DOS), .application, .cpl (installed in Windows Control Panel), .msi and .msp files (popular especially among the Windows 7 users), .scr (screen saver file – even these can be packed with executable code!) and .jar (executable Java code, running under Java runtime).

Scripts cover a long list of files that execute certain commands according to coded algorithms. The best known are .bat and .cmd, .vb, .vbs and .vbe, .js and .jse (JavaScript files that are run safely in Web browsers, but may be potentially dangerous outside them), .ws, .wsf, .wsc and .wsh files (all four are Windows Script files and components), Windows PowerShell scripts (all having “ps” in their extensions) and Monad script files (msh-related files) that are often used to save additional, fan-made features in PC games.

Shortcuts are quite dangerous – you never know where they may lead and running them may cause unexpected data loss. These include .ink, .lnk and .scf.

Macros are the algorithms you record when using the Office suite, and there are some ways in which malicious code may be set in motion if you launch them. Since Office 2007, the letter “m” at the end of the file extension shows that the document has some macros in it, e.g. .doc without macros and .docm with macros. However, the older versions of the suite do not save files with this sort of extension, so though you should be warned when you open the file that there are some macros in it, you'd better not rely on sheer luck.

The last type of extension that should be mentioned is the .reg file – the Windows registry file. This one comprises an algorithm listing the registry entries that would be added or removed if you launched it. An infected .reg file could doom your whole system by adding malicious data or deleting important information.
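
The two disguises described earlier (a well-known extension placed in front of the real one, and a Unicode character that reverses the displayed text) can be checked for mechanically. The Python sketch below is an added example, not code from the original article: the extension groups are a subset of the lists above, while the function name `inspect_name`, the finding labels and the sample file names are constructed for illustration.

```python
import unicodedata

# Subset of the extension groups listed in the article (leading dot removed);
# PowerShell and Office macro extensions are left out to keep the example short.
RISKY = {
    "program": {"exe", "pif", "com", "application", "cpl", "msi", "msp", "scr", "jar"},
    "script": {"bat", "cmd", "vb", "vbs", "vbe", "js", "jse", "ws", "wsf", "wsc", "wsh"},
    "shortcut": {"lnk", "scf"},
    "registry": {"reg"},
}
# Harmless-looking extensions the article names as disguises.
DECOYS = {"mp3", "jpg", "txt"}
# Unicode bidirectional classes of the embedding, override and isolate controls
# (for example U+202E, the right-to-left override).
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}


def inspect_name(name):
    """Return a list of findings for one file name (empty list = nothing flagged)."""
    findings = []
    if any(unicodedata.bidirectional(ch) in BIDI_CONTROLS for ch in name):
        findings.append("bidi-control")
    # Drop invisible format characters so the stored (real) extension is parsed,
    # not the one a user sees on screen.
    stored = "".join(ch for ch in name if unicodedata.category(ch) != "Cf").lower()
    parts = stored.split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    group = next((g for g, exts in RISKY.items() if ext in exts), None)
    if group:
        findings.append("risky:" + group)
        # A decoy extension directly before the real one is the classic disguise.
        if len(parts) > 2 and parts[-2] in DECOYS:
            findings.append("double-extension")
    return findings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    for sample in ["notes.txt", "holiday.jpg.exe", "song\u202e3pm.exe", "setup.msi"]:
        print(repr(sample), inspect_name(sample))
```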

How to keep your PC safe and sound? There is bad news: there is no simple remedy, as all of these files are also used by the system to maintain “healthy” execution of the code. However, a good anti-virus program can substantially reduce the risk of infecting your computer with malware. If you are concerned about your current protection, you can always consider downloading and installing some (well-checked and free of unpleasant surprises) anti-virus application from our software database.
