A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking; I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his webspace. I downloaded it myself and found that it was a text file full of Cialis misspellings.
The file as stored was unaltered, and the next time I downloaded the file it was innocent again. I'm so far unable to find any rogue processes, users, or even any obvious way this substitution could have been made.
Right now I'm doing a brute-force check of all installed binary files in my system, doing checksums to compare them to their stored values, but that hasn't turned up anything useful yet.
I suspect this is rather some sort of bizarre network attack, but have only a vague idea what or how... I once read about the wireless toy airpwn, which operates by injecting response packets before the real response arrives. There are other computers on the same switch as the server, other computers I don't control. Could they be spoofing me?
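
One way to test the injection theory against a packet capture, added here as an example and not part of the original post: a response injected ahead of the real one shows up as two segments claiming the same TCP sequence range with different bytes, whereas an ordinary retransmission carries identical bytes. The function name, tuple layout and sample segments are constructed for illustration, and the code assumes the server-to-client segments have already been extracted from a capture taken on the client side.

```python
from collections import defaultdict

# Constructed sample segments (server -> client direction only), as tuples of
# (src_ip, src_port, dst_ip, dst_port, tcp_seq, ip_ttl, payload).
FLOW_A = ("192.0.2.10", 80, "198.51.100.7", 51000)
FLOW_B = ("192.0.2.10", 80, "198.51.100.7", 51001)
SEGMENTS = [
    # Flow A: a response arrives first, then a different one for the same bytes.
    FLOW_A + (1000, 64, b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nspam"),
    FLOW_A + (1000, 57, b"HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n\r\n\x89PNG"),
    # Flow B: ordinary retransmission and partial overlap with identical bytes.
    FLOW_B + (5000, 57, b"hello world"),
    FLOW_B + (5000, 57, b"hello world"),
    FLOW_B + (5006, 57, b"world, again"),
]


def find_conflicting_segments(segments):
    """Return one finding per pair of segments in the same flow whose
    sequence ranges overlap but whose overlapping bytes differ.

    Assumes sequence numbers do not wrap within the capture.
    """
    seen = defaultdict(list)   # flow -> [(seq, ttl, payload), ...]
    findings = []
    for src, sport, dst, dport, seq, ttl, data in segments:
        flow = (src, sport, dst, dport)
        for old_seq, old_ttl, old_data in seen[flow]:
            start = max(seq, old_seq)
            end = min(seq + len(data), old_seq + len(old_data))
            if start >= end:
                continue  # ranges do not overlap
            if data[start - seq:end - seq] != old_data[start - old_seq:end - old_seq]:
                findings.append({
                    "flow": flow, "seq": start, "length": end - start,
                    # Differing TTLs are a hint of two senders, not proof.
                    "ttls": (old_ttl, ttl),
                })
        seen[flow].append((seq, ttl, data))
    return findings


if __name__ == "__main__":
    for f in find_conflicting_segments(SEGMENTS):
        print("conflicting data:", f)
```

A finding means the client was sent two different versions of the same bytes, which is worth correlating with the switch's MAC and ARP tables for that time window.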