0

I have received a website, which uses Codeigniter, to modify. The problem is, sometimes when I refresh the main page, a strange file named "download" with the Windows icon will start to download.

I'm not sure what it is and it made me worried. The file size is 33.4 KB (34,281 bytes) and the type is "File". If it helps, I'm on Windows 7 and I use Chrome most of the time and since it only happens sometimes, I've never seen it in Firefox. That can be a coincidence, though. In fact, this is happening on other computers as well.

h4ckNinja
Sean
  • Did you delete the file? If not, and you are not worried that the file may contain sensitive data about that website, you can submit it to [VirusTotal](https://virustotal.com/) and share the results. Also, is it happening on other computers you don't use for web development/administration purposes? Do you think it's always the same file? – A. Darwin Jun 20 '16 at 08:38
  • 1
    I do not see how this is related to CodeIgniter specifically? – Bob Ortiz Jun 20 '16 at 08:47

1 Answer

3

This sounds very much like your server was compromised, and someone is using it to spread malware with the help of drive-by downloads. Consider taking your site offline, as it might be infecting your visitors with malware.

To make sure that this is actually the case, I would recommend the following:

  • Ask the person responsible for the site if she knows what this might be. If there is a natural explanation, she should know.
  • Download the file (preferably on a VM to keep your system safe) and scan it with a couple of antivirus programs. Open it in a text editor to see if there is any reasonable explanation for why it should actually belong on the site.

When (and if) you have determined that it is in fact malicious, you will have a lot of work ahead of you. This question explains it well. You will have to figure out how the compromise happened - how did the attackers get in - so you can stop it from happening again. And you will need to completely reinstall your whole system.

I know it is a tough pill to swallow, but it is the only thing to do.

Anders
  • Appreciate your concern! Let me check what you said and I'll be back with results ... – Sean Jun 20 '16 at 09:02
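One way to carry out the "download it and look at it" step from the answer without running the file, as an added example that is not part of the original posts: it hashes the sample (a SHA-256 can be searched on VirusTotal without uploading the file) and identifies the content from its leading bytes, looking one layer inside a gzip stream. The function names, the short signature list and the sample bytes are assumptions made for this illustration.

```python
import gzip
import hashlib
import sys
import zlib

# Leading-byte signatures; a deliberately small list chosen for this example.
SIGNATURES = [
    (b"MZ", "Windows executable (PE)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also Office documents, JAR, APK)"),
    (b"%PDF", "PDF document"),
    (b"\x1f\x8b", "gzip stream"),
]
TEXT_MARKERS = [
    (b"<?php", "PHP source"),
    (b"<!doctype html", "HTML page"),
    (b"<html", "HTML page"),
    (b"<script", "HTML/JavaScript fragment"),
]
# Constructed sample: a gzip-compressed HTML page, standing in for the file.
CONSTRUCTED_SAMPLE = gzip.compress(b"<!DOCTYPE html><html><body>Home</body></html>")

def classify(data: bytes) -> str:
    """Guess the format from content alone, never from the file name."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    # Skip a UTF-8 BOM and leading whitespace before checking text markers.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    for marker, label in TEXT_MARKERS:
        if head.startswith(marker):
            return label
    return "unknown"

def triage(data: bytes) -> dict:
    """Hash and classify a downloaded sample without executing it."""
    report = {"size": len(data), "type": classify(data),
              "sha256": hashlib.sha256(data).hexdigest()}
    if report["type"] == "gzip stream":
        try:
            # wbits=31 selects gzip framing; output is capped at 1 MiB.
            inner = zlib.decompressobj(16 + zlib.MAX_WBITS).decompress(data, 1 << 20)
            report["inner_type"] = classify(inner)
        except zlib.error:
            report["inner_type"] = "corrupt gzip"
    return report

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else CONSTRUCTED_SAMPLE
    print(triage(data))
```

Run it inside the VM with the path to the downloaded file as the only argument; a result of "unknown" means only that none of these few signatures matched, not that the file is benign.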