Have you ever come across a file that you thought might be suspicious? Perhaps a PDF file was attached to an email, and you weren’t certain of its safety.
Malware and viruses can hide almost anywhere; one of the most common places is the very files you use every day, hidden among those familiar file extensions.
1 Executable (EXE) Files
An EXE file is an executable file type most commonly used in the Windows operating system. When you open this type of file, a computer program runs on your computer, be it the program itself or an installation package. You might think of the Chrome browser, which is an EXE. When you double-click the icon, the code that powers Chrome runs and opens the browser.
Likewise, when you double-click any executable file, the code in the file will run. A clean EXE will do its intended job, but a malicious EXE will install malware onto your system, hiding behind what looks like a benign file. Not every EXE is a virus, but it’s worth scanning and checking before you run the file, and definitely don’t click on random EXE files.
One problem is that malware developers know you might not click on a random executable file. That’s why they disguise malicious EXE files with other file extensions, like some of the options you’ll read below.
2 Compressed Files: ZIP/RAR
A ZIP or RAR file is more like a folder containing many files. When you extract these, you may see several different file types, such as scripts, executables, and more—depending on the files in the archive.
You can think of a website template for the sake of this article. Some templates are huge, containing HTML, CSS, JavaScript, media content (images/videos), and more. These templates are best shared using compression, such as ZIP or RAR, to keep the file size small. But when you extract the files, anything malicious is extracted with it.
Now, I’m not saying there’s going to be a virus in there for sure, but compressed file archives are one way malware spreads, waiting for activation.
3 PDF Files
The chances of having a PDF file on your computer are pretty high—PDF files are everywhere. They’re used instead of physical books, to store valuable business information, and much more. Given their use, it’s no surprise they’re a great attack surface for planting a virus.
Generally, PDF files are safe, although they can indeed contain embedded code. Even worse, the PDF reader itself may contain a zero-day exploit, posing yet another risk. It’s best not to download random PDF files on the internet.
4 Script Files
Script files use file extensions like JS, PY, SH, and more. Now, on their own, they can’t really do anything. You would need to run them in their respective environments. For a .js file, that would be a JavaScript runtime, most notably a web browser.
The danger of a potential virus being installed from one of these files comes from the user, as you must do something with the file for the code to run. If you’ve ever opened up your browser’s developer tools while on Facebook, for example, you’ll be greeted with a warning message.
Likewise, .py and .sh scripts must be run by a user. If you run these files on your computer without knowing what they do, bad things can happen.
5 Microsoft Application Files
Excel, PowerPoint, and Microsoft Word files are notorious for containing viruses and malicious scripts. These programs allow users to create “macros,” scripts that allow you to automate tasks. These scripts have the potential to cause harm to your system.
Similar to PDFs, a Word document (or a file from another Office 365 program) can contain embedded code. The code may be harmless, but there’s always a chance that you download some random DOCX file, open it up, and find your antivirus software notifying you of danger. Pretty much all Office 365 file extensions can potentially contain malware, like DOC, DOCX, XLS, XLSX, and so on. Alternatively, the malware is straight up disguised as an Office 365 file, but is really an executable waiting to install malware on your system.
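Sections 1 and 5 both mention executables disguised under another file extension. The following is an added example, not part of the original article, that compares a file's leading bytes with what its extension claims; the function names and the three sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Well-known leading "magic" bytes for the file types this article covers.
SIGNATURES = [
    (b"MZ", "exe"),                                # Windows executable (EXE, DLL, SCR)
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),                        # ZIP, and DOCX/XLSX/PPTX containers
    (b"Rar!\x1a\x07", "rar"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy DOC/XLS/PPT
]
# Content type each extension is expected to carry.
EXPECTED = {"exe": "exe", "pdf": "pdf", "zip": "zip", "rar": "rar", "docx": "zip",
            "xlsx": "zip", "pptx": "zip", "doc": "ole", "xls": "ole", "ppt": "ole"}

def sniff(path):
    """Return the content type implied by the first bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in SIGNATURES if head.startswith(magic)), None)

def check(path):
    """Return a list of warnings for one file; an empty list means no mismatch."""
    warnings = []
    parts = Path(path).name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    actual = sniff(path)
    if actual == "exe" and ext != "exe":
        warnings.append("executable content behind ." + ext)
    elif ext in EXPECTED and actual != EXPECTED[ext]:
        warnings.append("." + ext + " name but content looks like " + str(actual))
    # "report.pdf.exe" is displayed as "report.pdf" when Windows hides extensions.
    if len(parts) > 2 and ext == "exe" and parts[-2] in EXPECTED:
        warnings.append("double extension ." + parts[-2] + ".exe")
    return warnings

def demo():
    """Write three constructed sample files to a temp directory and check each."""
    samples = {"invoice.docx": b"MZ\x90\x00", "notes.pdf": b"%PDF-1.7\n",
               "report.pdf.exe": b"MZ\x90\x00"}
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            Path(d, name).write_bytes(data)
            results[name] = check(Path(d, name))
    return results

if __name__ == "__main__":
    print(demo())
```

A matching signature only shows that the file is the type its name claims, not that its contents are clean, so this check complements an antivirus scan rather than replacing it.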
The five file types listed above are commonly known to contain viruses. However, just about any file type can potentially contain malicious functionality; malicious image files like JPGs, PNGs, and GIFs are another similar issue. To safeguard yourself, use your best judgment before downloading or opening up files that you’re not familiar with. If a random EXE appears on your desktop, chances are it’s no good; don’t click it (although you may have bigger problems to worry about)! Your mind and judgment are your first layer of protection.