redirects based on user agent

Discussion in 'malware problems & news' started by katio, Jan 15, 2011.

Thread Status:
Not open for further replies.
  1. katio

    katio Guest

    This caught my eye

    I have my doubts ubuntuforums will bring much more light on this issue, wilders is more specialised on this sort of issues and if there's something malicious going on I'd be very surprised if it wasn't targeting Windows...

    The url is hxxp://
    Get redirected with this UA:
    Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
    (that's Ubuntu 10.10 live if changing the UA manually shouldn't work for some reason or the theory is wrong)
  2. Sadeghi85

    Sadeghi85 Registered Member

    Dec 20, 2009
    It seems to be only sensitive to "maverick". o_O



    Attached Files:

  3. katio

    katio Guest

    Who is Eric?

    I thought, that's odd, a site specifically targeting a single Linux distro. So more testing, my findings: maverick isn't the key. Any UA containing the string "eric" will trigger it.
    Now it looks less like a malware redirect and more like a backdoor to a defaced website. Must have been a cracker without knowledge of neither regex nor the latest Ubuntu names...

    I still don't know what it's all about.

    The .jar from above would look like an java exploit or more likely trojan but the file doesn't get loaded for me.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.