Scripts in ASF files
A classic trick is to embed a script or text in a file with different extension. For example, saving a text file as jpg. When the browser comes to look it, it will likely try to resolve it as jpg. But there is a plethora of extensions out there. Some extensions activate applications (e.g. acrobat, windows media player), which read data in their own special way.
For Advanced Systems Format (ASF), the format uses combination of media and text streams. URLs can be embedded in a malicious ASF files, which point to malware. Anti-virus software should pick up. But there should really be checks on the contents on the ASF file itself, which should stop surfing off to the Internet. A sans.org reader wrote a simple tool for this.