10-24-09, 01:19 AM #1
File extension: .timp?
I'm just curious because lately some advertisers have been successfully slipping through Apple's security measures and automatically downloading small files to the desktop. Routinely, I delete the files and generally don't worry about it. The last random virus and spyware detections I ran say the system is fine, which is, of course, comforting.
But I am curious as to why these files are making it to my desktop. In all the years I've used Apple, I've never seen this until recently, which makes me wonder whether advertising software developers have found a way around Apple's safeguards or there was a bug in the latest security update. I'm tracking that question down through the usual sites, so I'm not worried. I'll have my answer soon. (Apple users are notoriously bitchy about this sort of thing, so problematic issues become well-known quickly. Even I have thrown at least one public tantrum about bugs in the operating system.)
But I'm curious about the latest. AlterNet, of all sites, just downloaded an allegedly blank (zero kb) file called ad.timp.
I've never encountered this file extension before. Indeed, I looked it up on Google and got a flock of results for .tmp files, but nothing on .timp.
Anyone? Anyone? What is this file extension? Is it some silly typo for a .tmp? Is it something new? Or maybe old but very, very obscure? What does it do?
I hope not to be paranoid about this, since my system appears to be just fine right now, but I'm always curious when I encounter a file extension I've never seen before. Even some now-classic file extensions I use so rarely that I have to go back and look them up when I encounter them.
10-24-09, 03:59 AM #2
When I encounter an unusual file extension, this site is quite helpful.
However it doesn't seem to have any record of it which suggests its either *very* obscure (i.e., someone decided to invent their own file extension that noone else uses) or a typo.
10-24-09, 05:29 AM #3
Strange one, indeed
Yeah, I tried FileXT, and they had nothing. Couldn't find anything with a Google search for .timp file extension. So I just gave up for the night and went and watched some porn. I mention that only because I sat through one of the most insanely bad home videos I've ever seen. Absolutely amazing. I mean, I know sex can be dull and boring, but holy flirking schnit.
Everything's running fine so I'll check in with the user community about the security issue tomorrow. Later today. Something like that.
10-24-09, 06:04 AM #4
have you tried renaming the file extension to .tmp? perhaps its a mistake on the programmer's part.
10-24-09, 06:07 AM #5
10-24-09, 06:08 AM #6
and are you sure .timp is an actual extension of that file? what if its just a name?
10-24-09, 09:58 AM #7
Reminds me of a programmable instant messaging platform..accidentally called TIMP.
10-24-09, 03:43 PM #8
The basic file information:
Indeed, I'm becoming more comfortable with this file extension, as I had to go back and download it anew just for that image. Still, I don't get the zero k thing.
• • •
Originally Posted by PsychoTropicPuppy
I'm actually inclined toward Draqon's suggestion right now, that it is some sort of "error". Which reminds me:
• • •
Originally Posted by Draqon
If this was somehow a hostile file, though, I'm also not particularly worried about it, as it would most likely be aimed at Windows users.
10-24-09, 04:31 PM #9
From the look of it the web server running the adverts has specified it's own Handler. This basically means that the server defines an extension to run as script, in this instance .timp
For some reason you are downloading the .timp file from the server while it parses something else. It's possible this file is acting as an anonymous tracker. (Namely it doesn't keep data on you, but should it be picked upon on your computer through a virus, or just adware, it can identify that your computer is susceptible to that sort of file push. It would be easily be found considering it's a personalised extension.
It is possible that the programmer of the script has made a mistake in their code and that no file should be created from using the URL. It's also possible that they were suppose to have a 1 x 1 pixels in it's place but generated a zero-byte file instead. (This is a standard practice when used for iterating scripts in PHP that require CRON events to be triggered without direct access to CRON)
On it's own, it isn't anything to worry about, especially if your operating system hasn't got a configured handler for that extension.
In short I guess I'm saying, Ignore it, it's nothing too dangerous.
10-24-09, 05:26 PM #10
Hmm, Tiassa, what Mac OS /browser are you using?
Are you using Tiger 10.4.11 / Safari 4.03 ?
You said that it was happening quite often lately, right? After an update? What were the other files named? Did they also have extensions, or none? Were they also 0 Kb?
10-24-09, 05:35 PM #11
This and that
Safari 4.03 on 10.4.11.
I wouldn't go so far as to say quite often. It's happened twice that I know about. The other was a .pdf download generated by an ad server on a porn site I was viewing with Camino 1.6.10. That was a .pdf that originated from a website I couldn't find. I destroyed it, as well, immediately, and I probably can't reproduce it as easily as I managed to get another version of ad.timp. And I do not recall that the .pdf was zero k.
• • •
Note for Stryder:
I also posted the situation on my blog, to cast a wider net for advice. Can I reproduce your insight there, as well (with credit and a thread link)?
• • •
Originally Posted by Draqon
As to jogging, I got a shock when I tried to take it up last year. When I tried to quit smoking a couple years ago, I put on thirty pounds. Thinking I would just start exercising to lose the weight, I was surprised to discover that no, the heavy people I know weren't just bitching when they said they "couldn't" run. The cardiovascular aspect is one thing, but the impact shock of carrying the extra thirty pounds on a bone structure unaccustomed to that weight was tremendous. I still need to drop about fifteen pounds before I can run for exercise again.
Right next to Tacoma? That could be either good or bad these days. I'm curious as to where, but you can send that to me privately if you're so inclined, or not if not. I understand. (I mean, you can post it publicly, too, but some people are wary of that from the outset.)
Last edited by Tiassa; 10-24-09 at 05:41 PM. Reason: Revise and extend my remarks
10-24-09, 06:10 PM #12
10-24-09, 06:14 PM #13
timp is 'total instant moron protocol'.
Last edited by John99; 10-25-09 at 02:31 PM.
10-24-09, 07:08 PM #14
The temporary mysteries?Originally Posted by Stryder
The Desktop is the default download target. Apple users are accustomed to simply downloading, throwing the files into a newly-created directory, and then moving that directory to where it needs be. It's a clean, simple process. But temporary files are stored—as I understand it—according to each application's design; that is, there is no uniform temporary-file storage directory.
10-24-09, 08:00 PM #15
Tiassa, perhaps your should query Dave if you still speak to him. I'm pretty sure that he timp file was just a temporary file that somehow ended up left on your desktop, perhaps during saving a website page or something like that. Dave would have more of a clue in regards to how files are allocated temporarily.
10-24-09, 08:35 PM #16
This and that
I haven't communicated with Dave in years. I've a local contact that can probably answer the question if I can track him down; he's been off the grid for a couple months to the point that I don't even know if he's alive. I mean, I would figure to hear if died or something, but wherever he is, he's in a dark state of mind right now; last I heard, he was watching his father die slowly of a degenerative disease.
However, the idea of a pathway error makes sense. I don't use AlterNet that much, but I've never thought of them as complete bastards. And this file extension seems to be some sort of freak occurrence, because nobody seems to have a record on it, and that's just not like the tech community.
All that's left is the how and why, and, frankly, I'm leaving that up to Apple. We're due for a general update in the next couple weeks; it's been almost a month since the last one, so we'll see what they come up with. Last time, I threw a hissy fit about a couple of application bugs in the update, which was resolved, quite literally, the next day by a new update.
Meanwhile, I haven't found a whole lot of noise about unauthorized downloads at the usual user community sites, so I think the problem is just now emerging as a result of coincidence; a bug in the security setup, a coincidence of pathways, and the like. It will likely be taken care of soon, else we're witnessing the leading edge of what will become a major embarrassment for Apple as more and more websites find the pathway and start dropping things onto the desktop.
I think the pathway for where the file was supposed to go is /Users/(username)/Library/Safari/LocalStorage.
With Camino and Firefox, it's a little more complicated, but I think I found the files I'm looking for, because ....
• • •
Found it. The other file that made it to my desktop was zaz.klqpof.info/lpvz/xd/pdf.pdf. The Google Safe Browsing report on the file isn't encouraging.
I found the filename recorded in Camino's downloads.plist and dropped it into Google:
What is the current listing status for zaz.klqpof.info?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 4 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-10-04, and the last time suspicious content was found on this site was on 2009-10-04.
Malicious software includes 2 exploit(s), 1 scripting exploit(s).
This site was hosted on 1 network(s) including AS30099 (SB).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, zaz.klqpof.info did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain(s), including downloadmedicinebooks.blogspot.com/.
I'm trying to think if I hit the infected site recently. Or ever. I do have a BlogSpot (blogger.com) account, but it's highly unlikely that the malware in question could make it through that network without Google knowing about it. BlogSpot/Blogger are part of the Google structure.
10-24-09, 09:36 PM #17
In essense I think your Good Tiassa, of course it will now concern Windows users.
10-24-09, 11:18 PM #18
Similar problems with safari
Hello, I'm new to this forum but this is the first I've seen some one else having the same problem, anywhere on the internet.
I've been getting automatic downloads of the ad.timp files and also these blank text files all named download.txt (or download-1, -2 etc). I can definitely trace this to the new update of safari 4.0.3. I don't seem to have the problem at all using firefox. Also certain websites seem to be worse, especially fark --or maybe i just spend proportionately more (too much) of my time there...
I have norton antivirus that updates and scans weekly, and so far nothing has shown up. I feel the same way though; it bothers me that these things are downloading automatically to my desktop. I delete them as they come, but at the very least it's annoying!
Do I have anything to worry about? Do you all think my computer is protected enough with the norton (I am not particularly tech savvy) ?
10-25-09, 12:03 AM #19
The general outlook says you're safe, for now
The ad.timp file seems harmless for now. The pdf.pdf file is toxic, but we think it's aimed at Windows users, so if you just delete the file when it turns up, it should be fine.
(As a precautionary measure, check the file information on some random file on your desktop. Make sure the Preview section is closed, so that the system doesn't try to access the file data when you bring up file information on suspected malware.)
Oh, and welcome to our humble bedlam. We hope you enjoy your time with us.
10-25-09, 03:58 AM #20
I would say that it's more of a matter of it being annoying, but not malicious(so far).
But true, I would say that this is a serious vulnerability issue as it doesn't even ask you whether to download it or not..it just downloads it, and honestly it could be considered as a possible malware vector.
And obviously this issue hasn't been solved yet, and therefore I would suggest that you revert back to a previous Safari version(4.0.). But then you'd be also lacking quite a few security patches...so I suggest that you'd rather use Mozilla..-- but thinking about it..it's better to revert back to a previous version of Safari as I consider automated downloads that do act without the consent of the user as a bigger threat. But that's just me..
Other than that there are several threads on apple.com discussing this issue about the Safari 4.0.3.
From what I've noted this problem exists since around August and has still not been taken care of. Talking about poor support.
Looks to me that Tiassa's Safari is also suffering from that vulnerability issue..though it's really strange that it downloads .pdf, and .timp, of which about the latter I've never ever heard before, and first thought that it's just the name of the file: ad.timp -- I was actually wondering if you were suffering from the same issue as ellevt, but somehow your case is slightly different..-- like you've mentioned the .pdf was in camino..-- which again could also mean that the .pdf is unrelated to the .timp dl. Or uhm...*cough* f*ck knows.
Some people were complaining that whenever they visited a website the download thingy would appear suddenly, but when they'd look at the download location(like some have it set up that all downloads get downloaded to the desktop, etc) there was nothing. Apparently those files, and folders were downloaded to a completely different location...as they've found out later.
Last edited by PsychoTropicPuppy; 10-25-09 at 04:32 AM.
By coberst in forum Human ScienceLast Post: 12-25-08, 06:03 AMReplies: 9
By coberst in forum General PhilosophyLast Post: 03-15-08, 12:11 PMReplies: 1
By Spectrum in forum Computer Science & CultureLast Post: 01-02-08, 07:53 AMReplies: 2
By darksidZz in forum Computer Science & CultureLast Post: 07-31-07, 11:16 AMReplies: 3
By invert_nexus in forum Computer Science & CultureLast Post: 02-05-07, 06:08 PMReplies: 11