I am working on a project that will involve file upload to a server. I am interested in understanding what kinds of files virus writers currently tend to target. I am aware of the following threads:
How would you programmatically test a file for viruses ? ensuring uploaded files are safe How can I determine a file’s true extension/type programatically? Server side virus scanning
But am interested in general in finding out about common attack vectors.
All of them. There aren't any "safe" file types when a JPG image can infect you with a virus and you can even trick the browser to execute JavaScript in any file no matter its declared type.
But the biggest and most widespread danger doesn't even involve uploaded files - ANY text that is entered by users and displayed on your page is a potential vector of Cross-Site-Scripting attacks.