Depending on the settings of the shell or file browser, the file extension may not be shown. Malicious users who spread a computer virus or computer worm may use a file name like LOVE-LETTER-FOR-YOU.TXT.vbs, which then shows up as LOVE-LETTER-FOR-YOU.TXT. However, it only shows up this way if the user has the display of file extensions disabled (which is the default behavior of Microsoft's software). To a user who has file extensions hidden, the file therefore looks like a harmless text file rather than a potentially dangerous computer program written in VBScript.
This issue is becoming less and less serious as the number of attack vectors increases: not only are the vast majority of users unaware of some of the most obscure dangerous extensions, but files with extensions previously considered safe (like .ZIP) have been successfully used as attack vectors; in the case of .TXT, with a file that told users that certain system files were malware and urged them to delete those files, and, in the case of .ZIP, with an archive from which the user extracted a malicious executable and willingly ran it.
It is clearly the responsibility of the e-mail program to warn the user of dangerous attachments, or to block their execution altogether, to stop at least the former kind of attack; handling the latter is entirely a matter of education and training, but its impact can be somewhat mitigated by applying the principle of least privilege (including, but not limited to, sandboxing). Most programs already provide such protection (notably Eudora, which in the latest Windows versions even extends this functionality to the operating system by means of a shell extension).
Later Windows versions (starting with Windows XP Service Pack 2 and Windows Server 2003) include a customizable database of file types that could be considered dangerous in certain zones (including, but not limited to, downloads from the WWW and e-mail attachments), which applications can query, and standardize a common API to query antivirus programs. These mechanisms are meant to replace the often inconsistent, conflicting or weak mechanisms that existing applications already have in place, hopefully spelling death for nonsense such as certain antivirus software blacklisting scripts as intrinsically dangerous - even more so, in fact, than native executables. The latter approach is actually a cover-up to hide a well-known weakness of blacklist-based (as opposed to heuristic) antivirus software: malware can evade detection by simply "shifting shape" into a semantically equivalent form, becoming different enough from what the antivirus expects to stay undetected. This technique, usually called polymorphism, is a lot easier and more effective with scripting languages. In short, most antivirus software can only block known malware, making it useless against custom (or merely yet unknown) malware.
Relation to Internet MIME types
In network contexts, files are regarded as streams of bits and do not have filenames or filename extensions.
In the internet protocol suite, the information about the type of a given bitstream is encoded in the MIME Content-type of the stream, represented by a line of text in a block of text preceding the stream, such as:
Content-type: text/plain
Some operating systems and desktop environments such as BeOS, KDE or GNOME have started using MIME Content-types to tag files with appropriate metadata about the file content type, as a way of getting out of the dependency on filename extensions. Mapping filename extensions to content-types is then done using different heuristics, such as examining both the filename extension and the contents of the file.
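The double-extension disguise described earlier and the comparison of filename extension, Content-type and file contents described above can be combined into one attachment check. The following is an added example, not part of the original article; its tables, function names and finding labels are assumptions made for illustration, and the sample inputs are constructed.

```python
import os

# Assumption: small illustrative tables, not Windows' own database of dangerous types.
DANGEROUS = {".vbs", ".js", ".exe", ".scr", ".bat", ".cmd"}
EXT_TO_MIME = {".txt": "text/plain", ".zip": "application/zip",
               ".vbs": "text/vbscript", ".exe": "application/x-msdownload"}
MAGIC = [(b"MZ", "application/x-msdownload"), (b"PK\x03\x04", "application/zip")]


def displayed_name(filename):
    """Return the name as listed when the shell hides the final extension."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def sniff(content):
    """Return a MIME type from leading magic bytes, or None if unrecognised."""
    for magic, mime in MAGIC:
        if content.startswith(magic):
            return mime
    return None


def assess(filename, content_type, content):
    """List the ways an attachment's name, header and bytes disagree."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    inner_ext = os.path.splitext(displayed_name(filename))[1].lower()
    # A dangerous final extension hidden behind a familiar one, e.g. .TXT.vbs
    if ext in DANGEROUS and inner_ext in EXT_TO_MIME:
        findings.append("double-extension")
    expected = EXT_TO_MIME.get(ext)
    # Drop parameters such as "; charset=us-ascii" before comparing.
    declared = content_type.split(";")[0].strip().lower()
    # The Content-type header and the filename disagree about the stream.
    if expected and declared != expected:
        findings.append("declared-type-mismatch")
    sniffed = sniff(content)
    # The bytes carry a known signature that the extension does not announce.
    if sniffed and sniffed != expected:
        findings.append("content-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample attachment, not taken from a real message.
    print(assess("LOVE-LETTER-FOR-YOU.TXT.vbs", "text/plain", b"' constructed\r\n"))
```

An empty list means only that the three sources agree with each other, not that the file is safe to run.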