Malware Payloads

Malware is simply a form of software. Like any program, it can exist as an executable file (for example, a file with the “.exe” extension). Most of us know the power and danger of executables, and we will not knowingly run them without assurances they are reputable. But the .exe extension can sometimes be hidden, and one needs to be careful.

Many other file types, however, can also carry executable code, because software vendors build that capability into their formats to add features, offer convenience, or for other reasons. Files ending in .zip, .doc/.docx, .xls/.xlsx, .ppt/.pptx, .pdf, and countless others can contain other programs and run them when the file is opened. Unfortunately, these are only a tiny portion of the file types that can harbor malware. In fact, it might be easier to list the file types that cannot deliver malware, since they seem to be in the minority. Files ending in .txt are generally safe, for example.

But remember that file extensions can be stacked to hide a file's true nature, and hackers do this all the time. For example, Windows allows a file to be named “Letter to client.txt.doc”. If the user has not enabled “show file extensions”, Windows hides only the final extension, so the name displays on screen as “Letter to client.txt”. One would think the text file is safe, not realizing that it is actually a Word .doc file, which can harbor other programs, including malware. To learn how to enable “show file extensions”, see Protecting Oneself later in this module.

Email attachments are a leading delivery mechanism for malware payloads. Simply opening such a file can instantly infect a system, whether with ransomware or some other form of malware. Modern mail clients filter out some of these attachments, but they are not foolproof, and they cannot guard against every file type that can carry executable code. It is up to the user to employ safe practices and never open an attachment, or any file, without full confidence that it is legitimate.
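The stacked-extension trick described above, and the attachment triage the last paragraph asks of users, can both be made concrete in a short script. The following is an added example and not part of the original module; the extension lists and the sample attachment names are constructed for the example and are not exhaustive. It recovers the extension the operating system will actually use, reports what the user would see with “show file extensions” turned off, flags names where a safer-looking inner extension hides the real one, and holds for review anything not positively known to be safe.

```python
import os
from typing import List, NamedTuple

# Constructed lists for this example; the page names these types, but neither
# set is exhaustive. Formats that can embed and run other programs:
EXECUTABLE_CAPABLE = {
    ".exe", ".zip", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
}
# Formats the page describes as generally safe:
GENERALLY_SAFE = {".txt"}


class Verdict(NamedTuple):
    displayed_name: str   # what Windows shows when "show file extensions" is off
    true_extension: str   # the extension the OS actually uses to open the file
    disguised: bool       # a safer-looking inner extension hides the real one
    risk: str             # "high", "low" or "unknown"


def analyze_filename(name: str) -> Verdict:
    """Recover the real extension of a file name and spot stacked extensions.

    Windows hides only the final extension, so "Letter to client.txt.doc" is
    displayed as "Letter to client.txt" while being opened as a Word document.
    """
    stem, ext = os.path.splitext(name.strip())
    true_ext = ext.lower()
    # With extensions hidden, the user sees only the stem.
    displayed = stem
    # Does the visible stem itself end in an extension-like suffix?
    _, inner = os.path.splitext(stem)
    inner = inner.lower()
    disguised = bool(inner) and inner != true_ext and true_ext in EXECUTABLE_CAPABLE
    if true_ext in EXECUTABLE_CAPABLE:
        risk = "high"
    elif true_ext in GENERALLY_SAFE:
        risk = "low"
    else:
        risk = "unknown"
    return Verdict(displayed, true_ext, disguised, risk)


def triage_attachments(names: List[str]) -> List[str]:
    """Return the attachment names to hold for review.

    Following the page's advice, anything not positively known to be safe is
    held, not only the types on the executable-capable list.
    """
    return [n for n in names if analyze_filename(n).risk != "low"]


# Constructed sample attachment names, not taken from any real mail.
SAMPLE_ATTACHMENTS = [
    "Letter to client.txt.doc",
    "invoice.pdf.exe",
    "notes.txt",
    "photo.jpg",
    "report.docx",
]

if __name__ == "__main__":
    for n in SAMPLE_ATTACHMENTS:
        v = analyze_filename(n)
        flag = "DISGUISED " if v.disguised else ""
        print(f"{n!r:28} shown as {v.displayed_name!r:24} "
              f"true ext {v.true_extension!r:7} {flag}risk={v.risk}")
    print("hold for review:", triage_attachments(SAMPLE_ATTACHMENTS))
```

The check is deliberately name-based only: it mirrors what a user sees in a file listing, which is exactly where the stacked-extension trick works. A mail gateway would add content inspection on top of it; this script shows why the visible name alone cannot be trusted, and why the default is to hold everything that is not known to be safe.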