redirects based on user agent

Discussion in 'malware problems & news' started by katio, Jan 15, 2011.

Thread Status:
Not open for further replies.
  1. katio

    katio Guest

    This caught my eye
    http://ubuntuforums.org/showthread.php?t=1666588

    I have my doubts ubuntuforums will bring much more light on this issue, wilders is more specialised on this sort of issues and if there's something malicious going on I'd be very surprised if it wasn't targeting Windows...

    The url is hxxp://infoproductkiller.com
    Get redirected with this UA:
    Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
    (that's Ubuntu 10.10 live if changing the UA manually shouldn't work for some reason or the theory is wrong)
     
    katio, Jan 15, 2011
    #1
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    It seems to be only sensitive to "maverick". o_O

    Hmm...

    best_porno.PNG
     

    Attached Files:

    Sadeghi85, Jan 15, 2011
    #2
  3. katio

    katio Guest

    Who is Eric?

    I thought, that's odd, a site specifically targeting a single Linux distro. So more testing, my findings: maverick isn't the key. Any UA containing the string "eric" will trigger it.
    Now it looks less like a malware redirect and more like a backdoor to a defaced website. Must have been a cracker without knowledge of neither regex nor the latest Ubuntu names...

    I still don't know what it's all about.

    The .jar from above would look like an java exploit or more likely trojan but the file doesn't get loaded for me.
     
    katio, Jan 17, 2011
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...