What Types Of Files Can Viruses Come In?

vbimport

#1

What Types Of files Can Viruses Come In? eg. can you get a virus from a .jpg, .bmp, .mp3, .mpg etc, or can it only come in .exe and the likes?


#2

.exe - Yes
.com - Yes
.vbs - Yes
.bat - if calls other .exe;.com;etc… (always read first)
.mp3 (very rare)
.avi;.asf;.mpg - I never heard of such a thing having a virus
.doc - macro viruses
.html - can have scripts to install .exe and such

I guess just about anything can have a virus but the overwhelming majority are either small executable files (.exe) or files that call and collaborate .exe files to work together.

Check This if you are bored.


#3

What about piccy files?

JPG, BMP, TGA, GIF etc.

Oh, just saw the link - thanx!:bigsmile:


#4

.scr - yes
.pdf - yes


#5

Don’t forget .emf, .dll and .inf


#6

As far as video files go, I know that an .asf file can call up a webpage while you are playing the clip, and in turn the webpage could install a virus on your computer. I’ve seen maybe 2 such asf files, and I was puzzled by them.


#7

One of the emails I got with MyDoom was a .doc file. Luckily Norton got it beforehand.


#8

Forgot .pif files. Also remember there are boot sector viruses, as well as the security loopholes in Windows operating systems.


#9

Visual Basic Scripts (.vbs)…


#10

Originally posted by $CyBeRwIz$
Visual Basic Scripts (.vbs)…

check my initial reply
yes they are visual basic scripts
they can even directly write to registry without warning prompts:eek:


#11

Originally posted by xtacydima
check my initial reply
yes they are visual basic scripts
they can even directly write to registry without warning prompts:eek:

Oh yeah… sorry, I read fast


#12

ooo, a new one - the leaked windoze source allowed the finding of an overflow with bmp files and IE5. not exactly a virus, but still interesting :smiley:


#13

Originally posted by $CyBeRwIz$
What Types Of files Can Viruses Come In? eg. can you get a virus from a .jpg, .bmp, .mp3, .mpg etc, or can it only come in .exe and the likes?

For a comprehensive list of dangerous file types, you can’t beat the list of 51 types provided by Microsoft and excluded by Outlook 2003! Who would have guessed all these.:frowning:

Click to see them on MS support site.

Even this list is incomplete though because they missed “.pdf” which can contain a malicious script, but can only activate if you have Acrobat Writer on the system. Likewise, there have been proofs of concept done with hiding malicious code in picture files. In these cases, another program has to extract the code. AFAIK this has not yet been seen “in the wild”, but has been reported in security news a couple of years ago.

Hope this helps.


#14

Methinks the worst ones are exe’s, .pif and .scr’s.

The problem is that often viruses are sent with filenames like
“Readme.html.pif”
The real issue lies in the fact that people usually have “HIDE Filename extension” turned on, by default.

So the filename comes up as “Readme.html” in the main window, and the .exe part will only show when you actually go to save attachments.

Additionally, MS have done a real bright thing and allowed files to specify their own Icon, which can be internally bundled into the same file.
Crafty virus distributors therefore change the icon into any damn file (eg winzip/html/pdf icons) combine it with the name (as indicated above) and then send it off.

To tell the truth, realtime virus scanner software is a MUST these days, even if you practice safe emailing.

Don’t even get me started about worms that manage to weasel their way in thru MS buffer overflows etc. Even if you have a software firewall, it still depends on MS software receiving the packet correctly in the first place, which leaves hardware firewalls as the only real defence.

It’s only a matter of time before someone starts detecting hardware firewall limitations and bugs and starts exploiting those.

I know the firmware that came with my router comes from a relatively large company. A good target audience then if they attack THAT group.

I’m curious how long it’s gonna be before people start writing viruses for the symbian OS’s (mobile phones).
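
The double-extension trick described in post #14 can be checked for mechanically at the mail gateway or in triage. The following is an added example, not code from any poster in this thread: the extension sets are taken from the types named in the thread, the function names are hypothetical, and the sample message is constructed.

```python
# Added example: flag attachment names that look harmless once Windows hides
# the final extension. Extension sets come from this thread, not a vendor list.
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Types the thread names as directly runnable on Windows.
RUNNABLE = {".exe", ".com", ".vbs", ".bat", ".scr", ".pif"}
# Types a recipient tends to treat as a document or media file.
DECOY = {".html", ".htm", ".doc", ".pdf", ".jpg", ".bmp", ".gif",
         ".mp3", ".mpg", ".txt", ".zip"}


def shown_name(filename):
    """Name as listed when "Hide extensions for known file types" is on."""
    return PureWindowsPath(filename).stem


def classify(filename):
    """Return 'deceptive', 'runnable' or 'other' for one attachment name."""
    suffixes = [s.lower() for s in PureWindowsPath(filename.strip()).suffixes]
    if not suffixes or suffixes[-1] not in RUNNABLE:
        return "other"
    # Runnable file whose visible name ends in a document-style extension.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY:
        return "deceptive"
    return "runnable"


def scan(message):
    """Map each attachment filename in an EmailMessage to its verdict."""
    return {part.get_filename(): classify(part.get_filename())
            for part in message.iter_attachments() if part.get_filename()}


def build_sample():
    """Constructed message with three placeholder byte strings attached."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("Readme.html.pif", "setup.exe", "holiday.jpg"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for name, verdict in scan(build_sample()).items():
        print(f"{verdict:10} real={name!r} shown={shown_name(name)!r}")
```

The check works on names only; it says nothing about file contents or about the custom-icon trick mentioned in the same post.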


#15

Originally posted by debro
Methinks the worst ones are exe’s, .pif and .scr’s.

The problem is that often viruses are sent with filenames like
“Readme.html.pif”
The real issue lies in the fact that people usually have “HIDE Filename extension” turned on, by default.

<snipped for brevity>

It’s only a matter of time before someone starts detecting hardware firewall limitations and bugs and starts exploiting those.

I know the firmware that came with my router comes from a relatively large company. A good target audience then if they attack THAT group.

I’m curious how long it’s gonna be before people start writing viruses for the symbian OS’s (mobile phones).

I agree and would also add self executing Zip files and Javascript to this most common list. I always turn off “Hide Extensions for known file types”, partly for this reason. As you say, it is imperative to use a good realtime virus checker and good work practices to minimise the chance of letting one slip through. The other thing that neophytes often don’t realise is that the virus checker must be kept up-to-date. The annual subscription only offers a warm feeling, it’s those daily updates that confer the early protection against new viruses.

Unfortunately, most of the “personal firewall” software products are weak and are really self marketing products… Let’s be clear, here. A firewall won’t protect from viruses, as most are carried through the firewall in email. The purpose of a Firewall is to stop active probing and prevent services that you may have open in a LAN from being exposed to the Internet. While I don’t advocate not using some form of firewall protection (especially if you’re on broadband), a well set-up PC, with all unnecessary network services disabled, is reasonably safe. What these personal firewalls tend to do is open all the network ports, catch all sorts of rubbish on them and report that they are thus protecting the system. A convincing ploy if you don’t realise that, but for the firewall product, your PC would have ignored the packet anyway.

A good Firewall is invisible from the outside, and thus it is less likely that anyone will worry about looking for vulnerabilities in hardware firewalls… Firstly, they cost money to purchase to investigate, and secondly, there’s a much bigger target out there… unprotected Microsoft OSes. It’s human nature to go for the low hanging fruit.

In the same vein, as you also allude to, a firewall and virus checker aren’t the complete answer, as any network services exposed through a firewall can be used to try buffer overflow or other exploitable weaknesses in the server application. So monitoring security patch releases for such software and putting such systems in a “Demilitarised Zone” are also important… now I’m getting really off-topic, as the latter is usually not a financial possibility in a domestic environment.

In respect of mobile phones… There’s been a few hoaxes, but AFAIK, no actual viruses yet. The likelihood increases as the phones start to have more applications that connect into the computer world (email, chat, computer originated SMS). Most scams with phones are of a more simple nature, e.g. Person calls at door and asks to make a phone call (excuse could be anything compelling and encapsulating sympathy - social engineering). The home owner lets them in and they make a brief call which sounds convincing… may even offer to pay for the call and give $10. When the bill arrives, it is discovered that the call was to a special service that charges several hundred dollars a minute connect time. The householder is left with no choice but to pay the phone bill. It’s been done! The moral; ask for the phone number and dial it yourself or offer to make the call on their behalf and pass on a message (in Oz, services that charge fees for just calling or high rates per minute that go to the owner of the number are prefixed with 0055, so they are easily recognisable).


#16

As I’ve said 1000 times.

If you name a file

Do not open this it is a virus and will wipe out your hard drive.exe

SOMEONE will open it

I heard about some weird thing with mobile phones once that did something viruslike. But the thin line between virus and program is hard to say. A program which replaces anything you type with swear words is not really a virus if it doesn’t propagate (just like some people consider AOL to be a virus /chuckle)

Things that do stuff that’s viruslike but aren’t really viruses are best classified as Malware (basically software designed to cause malice or harm that don’t really spread themselves)


#17

the phone thing was because some phones had bluetooth enabled by default, if i remember correctly.