I was browsing tonight (with many tabs open so I don't know which is the offending site) and the safari download window popped up and started downloading a file called 'alternate.incl'. In a command window, I ran 'strings alternate.incl' and this is what I got.
<snip>jiborish</snip>
;HTTP/1.1 200 OK
Date: Thu, 24 Feb 2005 02:46:09 GMT
Server: Apache/1.3.29
Last-Modified: Wed, 22 Dec 2004 07:44:22 GMT
ETag: "fbfdfa-ee-41c925d6"
Accept-Ranges: bytes
Content-Length: 238
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/plain
<p align="center">
<a href="http://www.jdoqocy.com/click-1354702-10375472" target="_blank">
<img src="http://www.awltovhc.com/image-1354702-10365047" width="468" height="60" alt="Two audiobooks for FREE from Audible" border="0"></a>
</p>
What bothers me is that the only thing that I did was to reload all of the open tabs and the download started. I just don't know if the file is malicious. Has anyone else experienced this? Is this just a poorly writting pop-up that failed?
I can post a full copy of the file if needed.
-Thanks
<snip>jiborish</snip>
;HTTP/1.1 200 OK
Date: Thu, 24 Feb 2005 02:46:09 GMT
Server: Apache/1.3.29
Last-Modified: Wed, 22 Dec 2004 07:44:22 GMT
ETag: "fbfdfa-ee-41c925d6"
Accept-Ranges: bytes
Content-Length: 238
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/plain
<p align="center">
<a href="http://www.jdoqocy.com/click-1354702-10375472" target="_blank">
<img src="http://www.awltovhc.com/image-1354702-10365047" width="468" height="60" alt="Two audiobooks for FREE from Audible" border="0"></a>
</p>
What bothers me is that the only thing that I did was to reload all of the open tabs and the download started. I just don't know if the file is malicious. Has anyone else experienced this? Is this just a poorly writting pop-up that failed?
I can post a full copy of the file if needed.
-Thanks
