EXE files
EXE represents executable and is the default extension for most Windows program files. Whenever an EXE file is run, the code it contains is executed on the computer, which could be malicious code in the virus containing instructions for infecting the system as well as replicating the file itself. An EXE file may also contain instructions for launching other programs, connecting to the internet to transmit data or even taking control of the computer. The icon of an EXE file can be set by the developer of the program, often using commonly used icons of non-threatening file types such as text files, music files or even windows folders to trick users into double-clicking it.
SCR Files
SCR is used as an extension for screen savers. At the core, these are identical to EXE files, with merely the extension changed to ".scr" and the default display set to full screen. The computer treats these files in the same manner as EXE files, running these as a full screen program when double-clicked, making them ideal for viruses to spread since a lot of users search for and download free, decorative screen savers from the Internet.
COM Files
COM is a shortcut for command and is the default extension for MS-DOS based programs. These are also run by Windows as executable programs but only in a DOS-Shell window. Many viruses spread as COM files often named to mimic old classic DOS-based games downloaded from the Internet.
BAT Files
Strictly speaking, these are text files that can be opened using any text editor like Notepad. However, these text files are executable and are used to contain multiple commands in a batch, which are all executed in a sequence when a user runs the file. Thus, a virus can easily be written as a batch file with commands to copy itself to other locations on the system, delete other files or run other programs on the computer by itself.
MP3 and Other Non-Executable File Types
By default, Windows hides file extensions for file types known by the system, making only file names visible to the user--hiding the extension. Thus, an email containing a file called “latest-shakira-hit.mp3” can be downloaded by a user who thinks it is a song and when he attempts to play it by double-clicking on it the result is an infected system. The same is often done using other seemingly harmless file types such as TXT, BMP, GIF, 3GP or pretty much any other file type.