.SCF files present ID, password to fetch icons for attack file
Google’s Chrome team is working to fix a credential theft bug that strikes if the browser is running on Microsoft Windows.
The bug is exploited if a user is tricked into clicking a link that downloads a Windows .scf file (the ancient Shell Command File format, a shortcut to Show Desktop since Windows 98).
To read the entire article, please click here.
Source: http://www.theregister.co.uk/