[Dshield] Yet another strange user agent

KrogNetix abuse at allover.ca
Wed Feb 1 16:43:20 GMT 2006


Doan,

I have seen this also. It is definitely malware related. Probably searching
web sites for email addresses to send infected messages to. I have our IDS
set to disallow users' HTTP requests with abnormally long user agents.

------------------
M. McBride
Security Admin
Allover/ KrogNetix
Vancouver CA
888-320-TECH


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Don Jackson
Sent: Tuesday, January 31, 2006 3:00 PM
To: General DShield Discussion List
Subject: [ABUSE] [Dshield] Yet another strange user agent


Anyone recognize the CLSID in this HTTP_USER_AGENT?

  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; {4061C11C-7B73-4747-8573-3D5F96B2482F})

I assume it's a BHO, probably spyware related.

TIA,
Don J.
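
Added example, not part of either message above: a log check for the two traits discussed in this thread, a brace-wrapped CLSID/GUID token in the User-Agent and an abnormally long User-Agent. The log format (Apache combined), the 256-character threshold, the function names and the sample lines are assumptions made for illustration.

```python
import re

# Brace-wrapped GUID/CLSID token, the shape seen in the user agent quoted above.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Combined Log Format: ip ... "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
MAX_UA_LEN = 256  # assumed threshold; tune against your own traffic baseline


def inspect_user_agent(ua, max_len=MAX_UA_LEN):
    """Return (reason, detail) findings for a single User-Agent value."""
    findings = [("guid_token", g.upper()) for g in GUID_RE.findall(ua)]
    if len(ua) > max_len:
        findings.append(("long_ua", str(len(ua))))
    return findings


def scan_log(lines, max_len=MAX_UA_LEN):
    """Return (client_ip, reason, detail) for every finding in the log lines."""
    results = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            # Report lines the parser cannot read instead of dropping them.
            results.append(("?", "unparsed", line[:60]))
            continue
        for reason, detail in inspect_user_agent(m.group("ua"), max_len):
            results.append((m.group("ip"), reason, detail))
    return results


# Constructed sample lines (documentation IP ranges); only the GUID is from the thread.
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jan/2006:15:00:00 -0500] "GET / HTTP/1.0" 200 1043 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; '
    '{4061C11C-7B73-4747-8573-3D5F96B2482F})"',
    '203.0.113.5 - - [31/Jan/2006:15:00:02 -0500] "GET / HTTP/1.1" 200 1043 "-" '
    '"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"',
    '198.51.100.7 - - [31/Jan/2006:15:00:05 -0500] "GET /a HTTP/1.1" 200 512 "-" '
    '"Mozilla/4.0 (' + "x" * 300 + ')"',
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

Collecting the distinct `guid_token` values per client gives a list that can be compared across hosts or searched for, which is the question the original post asks.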

