Necurs, the world’s largest spam botnet, with millions of infected computers under its control, has updated its arsenal and is currently utilizing a new technique to infect victims. This new technique consists of sending an email to a potential victim containing an archive file, which unzips to a file with the extension of .URL. This is a typical Windows shortcut file that opens a web page directly into a browser, instead of a location on disk. The final destination of this link is a remote script file that downloads and automatically executes a final payload.
View full story
ORIGINAL SOURCE: Bleeping Computer