[Nottingham] Unknown (at least to me) message

ForkBombFluf fluf at freeshell.org
Wed Dec 24 09:39:57 UTC 2008


On Wed, 24 Dec 2008, Jim Moore wrote:

> Ron Wilton wrote:
>> When I open Firefox I get a dialogue box with the following message.
>>
>> +++
>> Opening a.asc
>>
>> You have chosen to open
>>
>> a.asc
>>
>> which is a: PGP/MIME-encrypted message header
>> from:...a file on my harddrive
>>
>> What should Firefox do with this file?
>> ...
>> +++
>>
>> What does this mean, and am I safe to open it?
>>
>> Ta
>>
>> Ron
>>
>>
>> ------------------------------------------------------------------------
>
> On Linux, you could probably safely do this as downloaded files usually
> have the "Execute" bit flipped off. The result would likely be garbage
> on the screen. The NT kernel ignores or is unaware of this bit and
> attempts to execute anything that even remotely looks like a script or
> blob of code.
>
> This can have several unfortunate effects from the installation of
> malware (i.e. keyloggers, BHO toolbars, adbanner clients, mailbomb
> servers), to the destruction of the operating environment (corruption of
> the kernel, registry, etc.).
>
> What you have there is likely an attempt by a piece of Javascript to
> hijack your home page using a local file to install malware from a
> remote server. Of course, if you're on Linux this won't work. All you
> need do is reset your homepage and delete the offending file (if it
> exists) from your hard drive.
>
> -- 
> TLP
>


Jim:  I may be being a bit obtuse here, but how do you get from a file 
called a.asc (usually a file extension for ascii text I think, even in 
Windows) to "probably a piece of javascrapt trying to hijack your 
homepage?"

Ron:  Have you tried searching for and opening the file a.asc in a text 
editor, (i.e. not doing anything remotely like executing it, but just 
looking at it to see what it is?)

What would cause Firefox to think it was a PGP/MIME-encrypted message 
header anyway?  Sounds a bit like a lost e-mail...

puzzled,

-Stef


