“ItÂ’s been discovered that embedded URLs in spoofed multimedia files (such as .MP3 and .WAV) can be used to “hijackÂâ€? users to malicious web sites. Web sites can be automatically opened when users click on MP3 or WAV files. A hacker can use file extension spoofing in order to trick users to open these files; for example, an .MP3 file may really be another file type, such as a .AFX file, which may contain a URL. Internet applications (browser, e-mail client, etc.) may even open such files without asking the user what to do (if the user made a decision in the past to automatically open the specific file extension).”