Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Filename extension
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Security issues == File extensions alone are not a reliable indicator of a file's type, as the extension can be modified without changing the file's contents, such as to disguise [[malware|malicious content]]. Therefore, especially in the context of [[cybersecurity]], a file's true nature should be examined for [[file signature|its signature]], which is a distinctive sequence of bytes affixed to a file's header. This is accomplished using file identification software or a [[hex editor]], which provides a [[hex dump]] of a file's contents.<ref>{{cite book|last1=Aquilina|first1=James M.|last2=Casey|first2=Eoghan|author2-link=Eoghan Casey|last3=Malin|first3=Cameron H.|date=2008|url=https://books.google.com/books?id=lRjO8opcPzIC&q=extension%20signature&pg=PA211|title=Malware Forensics: Investigating and Analyzing Malicious Code|publisher=[[Syngress]]|pages=211, 298β299|isbn=978-1-59749-268-3|access-date=2025-02-25}}</ref> For example, on [[UNIX-like]] systems, it is not uncommon to find files with no extensions at all,<ref name="Skoudis-2004">{{cite book|last1=Skoudis|first1=Ed|last2=Zeltser|first2=Lenny|date=2004|url=https://books.google.com/books?id=TKEAQmQV7O4C&pg=PA32|title=Malware: Fighting Malicious Code|publisher=[[Prentice Hall]]|pages=32β34, 253β254|isbn=0-13-101405-6|access-date=2025-02-25}}</ref> as commands such as <code>[[file (command)|file]]</code> are meant to be used instead, and will read the file's header to determine its content.{{citation needed|date=February 2025}} Malware such as [[Trojan horse (computing)|Trojan horse]]s typically takes the form of an [[executable]], but any file type that performs [[input/output]] operations may contain malicious code. A few [[data file]] types such as [[PDF]]s have been found to be vulnerable to exploits that cause [[buffer overflow]]s.<ref name="Grimes-2001">{{cite book|last1=Grimes|first1=Roger|date=August 2001|url=https://books.google.com/books?id=1HYlDwAAQBAJ&pg=PA71|title=Malicious Mobile Code: Virus Protection for Windows|publisher=[[O'Reilly Media]]|pages=41β42, 71β74, 221β222, 395β396, 422|isbn=1-56592-682-X|access-date=2025-02-25}}</ref> There have been instances of malware crafted to exploit such vulnerabilities in some Windows applications when opening a file with an overly long, unhandled filename extension. [[File manager]]s may have an option to hide filenames extensions. This is the case for [[File Explorer]], the file browser provided with [[Microsoft Windows]], which by default does not display extensions. Malicious users have tried to spread [[computer virus]]es and [[computer worm]]s by using file names formed like <code>[[ILOVEYOU|LOVE-LETTER-FOR-YOU.TXT.vbs]]</code>. The idea is that this will appear as <code>LOVE-LETTER-FOR-YOU.TXT</code>, a harmless text file, without alerting the user to the fact that it is a harmful computer program, in this case, written in [[VBScript]].<ref name="Grimes-2001"/> The default behavior for [[ReactOS]] is to display filename extensions in [[Windows Explorer|ReactOS Explorer]]. Later Windows versions (starting with [[Windows XP Service Pack 2]] and [[Windows Server 2003]]) included customizable lists of filename extensions that should be considered "dangerous" in certain "zones" of operation, such as when [[download]]ed from the [[World Wide Web|web]] or received as an e-mail attachment. Modern [[antivirus software]] systems also help to defend users against such attempted attacks where possible.{{citation needed|date=February 2025}} A virus may couple itself with an executable without actually modifying the executable. These viruses, known as ''companion viruses'', attach themselves in such a way that they are executed when the original file is requested. One way such a virus does this involves giving the virus the same name as the target file, but with a different extension to which the operating system gives priority, and often assigning the former a "hidden" [[file attribute|attribute]] to conceal the malware's existence. The efficacy of this approach depends on whether the user attempts to open the intended file by entering a command and whether the user includes the extension. Later versions of DOS and Windows check for and attempt to run <code>[[COM file|.COM]]</code> files first by default, followed by <code>.EXE</code> and finally <code>[[batch file|.BAT]]</code> files. In this case, the infected file is the one with the <code>[[COM file|.COM]]</code> extension, which the user unwittingly executes.<ref name="Skoudis-2004"/><ref name="Grimes-2001"/> Some viruses take advantage of the similarity between the "[[.com]]" [[top-level domain]] and the <code>.COM</code> filename extension by emailing malicious, executable command-file attachments under names superficially similar to URLs (''e.g.'', "myparty.yahoo.com"), with the effect that unaware users click on email-embedded links that they think lead to websites but actually download and execute the malicious attachments.{{citation needed|date=February 2025}}
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)