Shell Command File (SCF) is mainly used to open the file manager or shortcut file on the desktop.
Researcher Bosko Stankovic found that Chrome browser identifies SCF files as secure files by default while Windows operating system and Chrome browser are processing SCF files. This type of files is automatically downloaded without reminding the users. If attackers embed malicious SCF files in the website, the users will automatically download these files while visiting the malicious website through Chrome browser. When the users open the folder that stores the malicious files, Windows operating system will automatically execute the SCF files and try to log in to the SMB server set up by the attackers, so that the attackers can obtain user accounts and password in transit.
1. Since Microsoft (https://technet.microsoft.com/en-us/security/bulletins.aspx) and Google (https://chromereleases.googleblog.com/) have not released the repaired version, so please pay close attention to the updated announcement.
2. Please do not browse any suspicious websites and please pay attention to malicious SCF files. If any unexpected SCF files download behavior is found, please reject it. It is highly recommended to enable Chrome browser's "Ask where to save each file before downloading" feature to let users decide whether to download. The setting procedure is as follows: (Settings->Advanced Settings->Download->Enable "Ask where to save each file before downloading")
3. Please check the firewall settings to make sure to block external connections of Port 139 and 445, avoiding credentials leakage to the SMB server while the SCF files are executed accidentally.
[Reference:]
1.http://www.ithome.com.tw/news/114279
2.http://thehackernews.com/2017/05/chrome-windows-password-hacking.html