0 Replies Latest reply on May 19, 2009 11:16 AM by HarryWaldron

    AntiVirus 2009 - May actually update User Agent information

      These rogue AV products are not truly security applications, but are designed to trick users into sharing their credit card or PayPal account information with fake "you are infected" pop-up messages. F-Secure describes how UA strings may be manipulated to provide information on the specific version back to malicious websites.

      AntiVirus 2009 - May actually update User Agent information
      http://www.f-secure.com/weblog/archives/00001684.html

      QUOTE: How big an issue are Rogue antivirus applications? Some rogues modify the browser's user agent. We've seen hundreds of AntivirXP08 string variations. The modified string is possibly used to identify the affiliates responsible for the installation which drives "business" to the rogue's website.

      How many infected user agents are out there? Toni examined one of our sinkholes and its April 2009 logs contained 63,000 unique IP addresses using agents that contain AntivirXP08. And that doesn't include other strings we've seen such as "Antimalware2009". It's a small measure of a very large problem.

      How to test your UA Information
      http://whatsmyuseragent.com/

      What is UA Information?
      http://whatsmyuseragent.com/WhatsAUserAgent.asp
      http://whatsmyuseragent.com/CommonUserAgents.asp
      http://www.nasa.gov/mission_pages/shuttle/main/index.html
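
The kind of count the F-Secure quote describes (unique client IPs whose user agent carries a rogue marker) can be reproduced over a web server's own access logs. This is an added example, not part of the original post or F-Secure's tooling; it assumes Apache/nginx Combined Log Format, and the sample lines, including the layout of the variant token, are constructed.

```python
import re
from collections import defaultdict

# Markers named in the F-Secure quote; extend the tuple as other strings are seen.
MARKERS = ("AntivirXP08", "Antimalware2009")

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$'
)

def scan(lines):
    """Return (unique IPs per marker, UA token variants per marker, unparsed line count)."""
    ips, variants, unparsed = defaultdict(set), defaultdict(set), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep count so malformed lines are not silently ignored
            continue
        # Split the UA on ; ( ) so a whole variant token is recorded, not just the marker.
        for token in (t.strip() for t in re.split(r"[;()]", m.group("ua"))):
            for marker in MARKERS:
                if marker.lower() in token.lower():  # case-insensitive substring match
                    ips[marker].add(m.group("ip"))
                    variants[marker].add(token)
    return ips, variants, unparsed

# Constructed sample log lines (documentation IP ranges, invented requests).
_UA = "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; %s)"
_FMT = '%s - - [14/Apr/2009:10:00:0%d +0000] "GET / HTTP/1.1" 200 512 "-" "%s"'
SAMPLE = [
    _FMT % ("192.0.2.10", 1, _UA % "AntivirXP08"),
    _FMT % ("192.0.2.10", 2, _UA % "AntivirXP08"),            # same host, counted once
    _FMT % ("192.0.2.11", 3, _UA % "antivirxp08-variant-a"),  # constructed variant token
    _FMT % ("198.51.100.7", 4, _UA % "Antimalware2009"),
    _FMT % ("198.51.100.8", 5, _UA % ".NET CLR 2.0.50727"),   # clean user agent
    "truncated or malformed line",
]

if __name__ == "__main__":
    ips, variants, unparsed = scan(SAMPLE)
    for marker in MARKERS:
        print(marker, len(ips[marker]), "unique IPs;", sorted(variants[marker]))
    print("unparsed lines:", unparsed)
```

The per-marker variant sets are what would let an analyst see the many string variations the quote mentions, rather than only a total.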