Useful browser check…

Apparently a lot of compromised browsers purposefully send a modified “UserAgent“, for instance:

UserAgent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
AntivirXP08; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET
CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

that “AnitvirXP08” isn’t supposed to be there and best guess is it helps web sites that work with these viruses/trojans know the system is compromised.

A web site to verify your agent to see if it has one of these is:

Unfortunately I imagine in time they’ll mask these a little better, like putting a bugus “.NET CLR” value that looks close enough to make it hard to see, but isn’t real and they can identify.

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">




This site uses Akismet to reduce spam. Learn how your comment data is processed.