Interesting stuff from Websense. They did a study of file extensions typically used in malware installs.
While we in no way are recommending that adding filters to blanket block HTTP traffic by filtering different extensions, we thought it would be interesting to share January numbers 2006 to date, on what extensions are the most popular for malicious websites. Note: this does not include Phishing nor Spyware related websites but mostly sites that are being used to download Trojan Horse download code, keyloggers, and backdoors.
Interesting stuff, actually.
(Image from WebSense)