Recently, we observed an attack campaign using link files attached to emails in Japan. We have blogged about threats utilizing link files before and this type of attack is still alive and well.
The target of the link is disguised to make it look like it is linking to a text file, tricking the user into opening it, unaware that they are not opening a text file.
Figure 1. Details of LNK file made to look like a link to a text file
Under more careful examination, by scrolling to the left of the text box, you can see the malicious scripts that will actually be executed if you open this link.
Figure 2. ...