[other] banner.pdf (Virus, Trojan or something...)



User3k
December 15th, 2009, 01:24 AM
I was browsing the internet and ended up getting redirected to a website. A warning popped up in my browser telling me that the website was a danger. So of course I left, but somehow it downloaded something without even asking me. It just downloaded it. A file called banner.pdf. I was using Google Chrome.

Now of course I noticed that on the bottom I had a completed download so I checked out the downloads folder and found it. I renamed it to 1.pdf just so it was easier to shred -uvz and I did shred it. But after renaming it it appeared to clone itself and I had another banner.pdf there. Keep in mind I never opened this file at all. So this time I just shredded that one without changing the name. It appears to be gone now. I am guessing this was meant for Windows and not Linux.

Has anyone ever seen or heard of this happening before? If so how could it do it when I renamed it and never opened it?

User3k
December 15th, 2009, 12:49 PM
I am only going to bump this once. I am curious to know what happened, it is strange to me how this went and I would like to know if anyone could explain it. All things check out and are clean on my system.

bodhi.zazen
December 15th, 2009, 05:50 PM
Perhaps it would help if you either gave us the web site, examined the url, and/or examined the .pdf :twisted:

User3k
December 15th, 2009, 10:53 PM
Perhaps it would help if you either gave us the web site, examined the url, and/or examined the .pdf :twisted:

I should have saved it. I am not sure what the website was. I was redirected pretty fast from an online TV website with videos from Korea, Asia, etc, so you know how that can go at times. (Which is why I use flash block, pop up blocks, etc.) I hate when that happens. I also automatically delete and clean things up fast.

From doing some reading I am going to guess it was not an actual .pdf file. It was probably a zipped file or something like that. I know there are compressed files that can "explode" into other files if opened. But what it doesn't explain is why it only copied itself once when I didn't open it.

Oh well. One of the mysteries of the internet. I wonder how many Windows users get infected from this without even knowing. If I was running Windows I am not sure I would have picked up on it so fast, not until it was too late.

pixel :-)
December 16th, 2009, 06:17 AM
Maybe you simply downloaded it twice, I don't know what Chrome does when there's a conflict. You are in GNOME? It hides the file extension, right? Maybe it's Chrome's fault.

I think you are too paranoid. Downloaded files don't even have execute permission.

User3k
December 16th, 2009, 06:21 AM
Maybe you simply downloaded it twice, I don't know what Chrome does when there's a conflict. You are in GNOME? It hides the file extension, right? Maybe it's Chrome's fault.

I think you are too paranoid. Downloaded files don't even have execute permission.

I am using Xubuntu which has XFCE. There was only one file and I had Chrome closed, no browsers were open. I know what I saw, I just don't understand it. It couldn't have been an exe, bin, sh, etc file. Besides if it had downloaded it twice I would have had banner.pdf and banner2.pdf or something like that, which I didn't.

nibirumarduk
December 17th, 2009, 02:30 PM
It may have something to do with this:
http://ubuntuforums.org/showthread.php?t=1357466

User3k
December 17th, 2009, 03:10 PM
It may have something to do with this:
http://ubuntuforums.org/showthread.php?t=1357466

Ok. This is making more sense. Also the fact that I didn't get this in an email, I was using FlashBlock and AdBlock, but was at a TV video site that has a LOT of ads popping up all over the place at times. It must have snuck in since I had JavaScript enabled. And somehow when I changed the name it just downloaded it again. Though I didn't think it could do that if the browser was closed, unless it had something to do with Adobe itself, I mean the program...

The whole thing is just strange. But leave it to Adobe, lol.

Thanks for the info and link.

Edit: Nice to see they are taking their time getting around to fixing this. January 2010 as part of the normal update. I am starting to really dislike Adobe and their way of doing (or not doing) things.

nibirumarduk
December 17th, 2009, 05:09 PM
Edit: Nice to see they are taking their time getting around to fixing this. January 2010 as part of the normal update. I am starting to really dislike Adobe and their way of doing (or not doing) things.

No probs. Just doing my part to spread the news around. And yeah, I'm having the same thoughts about Adobe too. Herein lies the crux of the problem with proprietary software I think i.e. that precisely because it is closed-source, users - I mean users with the necessary expertise - cannot do anything to help. Users in the closed-source world are just that i.e. users. There isn't much room for user involvement in app design, development, etc., and hence no community thingy.

jayze
December 18th, 2009, 12:20 AM
I'm a complete amateur. Just moved from Windows to Ubuntu. Last security I had on Windows was Kaspersky. Kaspersky used to get rid of Banners all the time from websites. I took it to mean unwanted ad style cookies. They seemed to be considered the least of all the evils. My instincts would be that if it's replicating it may be a nasty disguised as a "banner". Who knows? I'm just hoping I will get "respite" from the trench style warfare on the net by switching to Ubuntu! :guitar:

User3k
December 18th, 2009, 12:37 AM
The whole thing doesn't make much sense. Strangest thing I have seen using Linux. I did install Avast, I also have chkrootkit and rkhunter. So if this ever happens again I am going to scan that file. I am also going to grab a flash drive and copy that file on there, open a LiveCD and then play around with it and see if it is a danger or just some weird bug (Or both if it really is Adobe related, lol.)
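
Added example, not part of the original thread: one way to examine a file like banner.pdf without opening it in a viewer, as suggested above. It checks whether the bytes really are a PDF (or a zip or executable with a .pdf name), hashes them, and counts PDF names associated with scripts and auto-run actions. The function names, the name list and the sample bytes are constructed for illustration.

```python
import hashlib
import re

# Leading bytes of the formats a mislabeled "banner.pdf" could really be.
MAGIC = {b"%PDF-": "pdf", b"PK\x03\x04": "zip",
         b"MZ": "windows-exe", b"\x7fELF": "elf"}
# PDF names that trigger actions or carry scripts/attachments.
RISKY = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
         b"/Launch", b"/EmbeddedFile"]

def decode_name(raw):
    """Undo #xx hex escapes in a PDF name (/J#61vaScript -> /JavaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)

def triage(data):
    """Classify raw bytes and count risky PDF names; nothing is rendered."""
    kind = next((k for sig, k in MAGIC.items() if data.startswith(sig)), "unknown")
    if kind == "unknown" and b"%PDF-" in data[:1024]:
        kind = "pdf"  # readers tolerate junk before the header
    flags = {}
    if kind == "pdf":
        # A name is "/" plus characters up to whitespace or a delimiter.
        names = [decode_name(n)
                 for n in re.findall(rb"/[^\s/<>\[\](){}%]+", data)]
        for name in RISKY:
            if names.count(name):
                flags[name.decode()] = names.count(name)
    # Names inside compressed streams are not seen: no flags != safe.
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "type": kind, "flags": flags}

# Constructed samples, not the file from the thread.
SAMPLE_PDF = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
              b"2 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
              b"%%EOF\n")
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 26

if __name__ == "__main__":
    for label, blob in (("sample pdf", SAMPLE_PDF), ("sample zip", SAMPLE_ZIP)):
        print(label, triage(blob))
```

To check a real download, pass `open(path, "rb").read()` to `triage()`; the SHA-256 it returns can then be compared against scanner or vendor reports.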