WAV files are no more dangerous than other file types to download, but malware authors can use a hidden extension to disguise a program or other dangerous file type as a WAV file. Users can protect themselves by checking the file type before opening the file.
By itself, a WAV file presents no risk to computers. The WAV format simply contains a header with some file information and binary data that represents the sound the computer should generate; WAV files contain no executable code. Users who download a WAV file from a trusted source can feel confident that the download is safe.
However, Windows, by default, does not display a file's extension, which comes after the final period in the name of the file, and it's this extension that determines how Windows loads the file. A file named sound.wav.exe, by default, shows up as sound.wav on Windows systems, but Windows runs the executable if a user opens it. Users can check for this by single-clicking on the file and looking near the bottom of the window for the file type. If it's listed as an executable file, application, screen saver or any other type of file, users should beware. Malware authors have also found a way of inserting a special character in the name of the file to hide the extension, so setting Windows to display the file's extension may not be sufficient.