This PC magazine article shares dangerous file extension in addition to EXE that users should avoid

http://securitywatch.pcmag.com/spam/331629-tasty-spam-watch-out-for-attachments

Most of us now know that if you see a file with the .exe extension as an email attachment, then that file is up to no good and you shouldn’t click on it. But .exe files aren’t the only ones to watch out for. Cloudmark points out other file extensions the bad guys can use.

“We see spammers trying various other executable file names in an attempt to trick unsuspecting users into installing malware,” Cloudmark said in the latest Tasty Spam report. The .exe can be compressed into a .zip or .rar archive to bypass some antispam and antivirus programs. Cloudmark researchers have also seen the .arj archive, an obsolete format, recently. The .zip file may contain a .scr file, which stands for Windows screen saver. It is considered a special type of Windows executable.

Spammers are also using files with the .com extension. It’s unusual to see .com files in use nowadays because the executable is limited in size to 64k. However, it is just big enough to load malware. For many victims, the .com file extension may look like the .com in a URL. “A user tricked into double clicking on a file called www.mywebsite.com may actually be installing a Trojan rather than following a link,” Cloudmark said.