The many forms of executable code

This tip explains how to identify and avoid malicious executable code.



Viruses are only a problem when they are executed or the file that they are attached to is executed. The trick

a malicious entity must perform to infect your system is to get you or your computer to execute the virus. Only after execution can the virus actually do anything -- just like a car can't take you anywhere until you turn on the ignition.

One of the most common ways for code to be executed on systems is to send it to a victim either as an e-mail attachment or as a downloaded component of a Web site.

You are probably aware that executable code exists in files with the extensions of .exe and .com. You should also be aware that many scripting languages have their own file extensions as well. Visual basic is a common language for malicious code; it uses an extension of .vbs. Executable code can be launched from your Start menu; from the Run command; from the Command Prompt; by double-clicking on the file; by allowing components to download from the Web; by opening attachments; by allowing macros to run in opened documents; and even pre-viewing e-mail.

As you add more programs, services and capabilities to your systems, you expound upon the number of file extensions that can contain executable code. On a base installation of Windows 98, 2000 or XP with Office 2000 installed, there are over 170 file extensions that can be executed:

??_
AD?
ADE
ADP
ASP
ASX
BAS
BAT
BIN
CDR
CER
CHM
CMD
COM
CPL
CRL
CRT
CSC
CSV
DER
DESKLINK
DEV
DIF
DL?
DO?
DOC
DOCHTML
DOT
DOTHTML
DQY
DSN
DUN
EML
EXE
FAV
GMS
GZ?
HLP
HT
HT?
HTA
HTM
HTML
HTT
HTW
IM?
INF
INI
INS
IQY
ISP
ITS
JOT
JS?
JSE
LNK
MAD
MAF
MAM
MAPIMAIL
MAQ
MAR
MAS
MAT
MAV
MAW
MD?
MDA
MDB
MDBHTML
MDE
MDT
MDW
MDZ
MHT
MHTML
MPP
MPT
MS?
MSC
MSI
MSP
MST
NFO
NMW
NWS
OBD
OBT
OCX
OLE
OQY
OSS
OV?
P10
P12
P7B
P7R
P7S
PBK
PCD
PFX
PIF
PKO
PL
PMA
PMC
POT
POTHTML
PP?
PPA
PPS
PPT
PPTHTML
PRF
PWZ
QDS
RNK
RQY
RTF
SC2
SCD
SCH
SCR
SCT
SHB
SHS
SLK
SMM
SNP
SPC
SST
STL
STM
SYSVB?
UDL
ULS
URL
VB?
VBE
VBS
VS?
WAB
WBK
WEBPNP
WHT
WIZ
WIZHTML
WPD
WS?
WSC
WSF
WSH
XL?
XLA
XLB
XLC
XLD
XLK
XLL
XLM
XLS
XLSHTML
XLT
XLTHTML
XLV
XLW
XML
XNK
XSL
XTP
ZAP

Look up these file extensions at WhatIs.com's "Every File Format in the World".

There are several actions you can take to reduce the risk posed by executable files. However, none offer complete protection and will ultimately reduce the functionality of your system and your Internet connectivity.

  1. Block all e-mail attachments or all attachments with suspect extensions.
  2. Disable script and macro execution in all programs.
  3. Set all trust levels to "do not trust" for programs, code, macros, etc.
  4. Prevent the installation or execution of unsigned and unapproved code.

About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.


This was first published in July 2002

Dig deeper on Malware, Viruses, Trojans and Spyware

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close