Apparently a lot of compromised browsers purposefully send a modified “UserAgent“, for instance:
UserAgent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
AntivirXP08; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET
CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
that “AnitvirXP08” isn’t supposed to be there and best guess is it helps web sites that work with these viruses/trojans know the system is compromised.
A web site to verify your agent to see if it has one of these is:
Unfortunately I imagine in time they’ll mask these a little better, like putting a bugus “.NET CLR” value that looks close enough to make it hard to see, but isn’t real and they can identify.
Leave a Reply