Locky ransomware and Kovter click-fraud malware are being spread in the same email campaign for the first time, with malicious.lnk files being used to infect computers. Alnk file is a shortcut file that points to an executable file, that hides a versatile. A new script has no less than five different hardcoded domains from which it attempts to download the payload malware. In addition to Locky, this script also now downloads Kovter, Microsoft said. The use of multiple domains is an obfuscation technique used to throw off URL filtering.
Source: https://threatpost.com/locky-ransomware-kovter-click-fraud-malware-spreading-in-same-campaigns/123560/