Skip to main content.
Wednesday, March 15th, 2006

User Agent Hijackers?

By now, all kinds of people are familiar with browser hijackers – those malware applications that you can sometimes get just from visiting a site. I’ve seen browser hijackers that change your home page, add favorites, redirect your search results, and worse, but this morning I may have seen a twist that’s new to me – a hijacked user agent.

A user agent is a string that an application sends out onto a network to identify itself. When you fire up Internet Explorer and go to a website, IE doesn’t just go out into the web and asks for the contents; it sends info about itself, where it’s connecting from, and information about the computer it’s running on. The user agent string is a short summary of that information.

My visitor tracking methods include saving the user agents of my visitors, and this morning I took a look at my logs and saw this:

At htxtp://www.credoninc.com you will get an interest free line of credit of upto 100,000,000.00 just for signing up and you can pay back what you owe whenever you want. (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; At htxtp://www.credoninc

(I corrupted the link texts so they won’t be treated as links.)

The visitor in question appeared to be a person, not a bot or spider, so I’m suspecting his or her browser was hijacked. It seems an awfully esoteric hijack, though. It doesn’t actually do anything, and very few people will ever see it. I’m going to have to check this out.

Posted by Greg in My Website, Software

Comments Off on User Agent Hijackers?

This entry was posted on Wednesday, March 15th, 2006 at 06:37 PST and is filed under My Website, Software. You can follow any responses to this entry through the comments RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.