2

After reading @Iszi's answer to this question he states

Viruses attached in e-mails do not only come in .EXE files. They can be any form of document - PDF, PPT, DOC, XLS, SWF, etc.

Are there any formats that cannot carry malware, for example a text file? Is this a moot point because anyone can rename file extension to .txt?

Community
  • 1
Celeritas
  • 10,089
  • 22
  • 79
  • 144
  • You can rename a PDF file with a `.txt` extension and try to open it in a text editor, but I doubt it will do much good. – curiousguy Aug 19 '13 at 18:22
  • Attachments are out. Modern attacks lure you to webpages that were hacked some minutes ago and contain poisoned images, videos or javascript. – ott-- Aug 19 '13 at 19:37
  • @ott-- does any malware self propagate any more? – Celeritas Aug 19 '13 at 19:40
  • Yes. There is a wide range of worms and viruses. Vast numbers of them. They won't go away. – Rory Alsop Aug 20 '13 at 15:52
  • 3
    Possible duplicate of [How can normal files hide a virus?](http://security.stackexchange.com/questions/63845/how-can-normal-files-hide-a-virus) – WhiteWinterWolf Dec 30 '15 at 10:49

2 Answers2

5

For every file format, a program meant to process is associated. For example, a PDF can be processed by a program capable of parsing pdf format. While processing each format, certain parsing and processing of data is involved. Malware is crafted to exploit the vulnerabilities of these processing programs. By assigning an extension, the file format is easily identified by the OS and the corresponding program capable of parsing it is fired up. Thus, vulnerabilities in widely used software make the users more vulnerable, like in case of Surtr family of malware exploited the vulnerability in MS Word.

Renaming an extension is a solution only until the corresponding program for which the file is crafted is not launched. For instance, a .pdf malware renamed as .txt is not harmful until the data is processed by a pdf reader (which malware targets).

schroeder
  • 125,553
  • 55
  • 289
  • 326
Jor-el
  • 2,071
  • 1
  • 17
  • 24
  • Great answer. To try to put it in simple language: Any file can be malware if the default program to open it (ie, PDF : Adobe Reader) has security vulnerabilities. Generally, programs like Notepad are simple and direct enough that there's no way to exploit them. – Katana314 Aug 19 '13 at 23:17
  • 1
    no known way. One famous example was an exploit of widely used jpeg reading code. – ddyer Aug 20 '13 at 05:39
-2

Yes, malware can come in any format. Malware is a piece of code that does some malicious things in the system and causes harm. They are always programmed in some language so they can be in any extension or format in which they are coded.

schroeder
  • 125,553
  • 55
  • 289
  • 326
Sahil
  • 19
  • 1
  • 1
  • 8