January 18, 2021

Besides the obvious like .exe, which file types can carry malware? I once heard that running infected video, music, image, etc files can infect a computer with malware. Is this true?

On rule 1: not talking about pirated materials, just strictly the security vulnerabilities of specific file types.



This is what only one tool (metasploit msfvenom) can make.

Executable formats
asp, aspx, aspx-exe, dll, elf, elf-so, exe, exe-only, exe-service, exe-small,
hta-psh, loop-vbs, macho, msi, msi-nouac, osx-app, psh, psh-net, psh-reflection,
psh-cmd, vba, vba-exe, vba-psh, vbs, war

Transform formats
bash, c, csharp, dw, dword, hex, java, js_be, js_le, num, perl, pl,
powershell, ps1, py, python, raw, rb, ruby, sh,
vbapplication, vbscript

Apart from the ones listed above you can get infected by media files (with steganography) extensions such as :-

avi, gif, jpeg, jpg, mpeg, png, bmp, mp4, mp3, wma, 3gp, aac, flv, wmv, mov etc

Alternatively you can also be infected by documents due to macros. Document extensions such as :-

.docx, .xlsx, .pptx etc
(The ‘x’ suffix will be replaced by ‘m’ and that will allow macros)

Chances are you may see more commonly used extensions but it is absolutely possible to infect a computer with malware using all these extensions.

So honestly there are a lot of files with different extensions that can infect you. So take proper measures like keeping windows up to date and making sure your windows defender is running properly.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.