redirects based on user agent

Discussion in 'malware problems & news' started by katio, Jan 15, 2011.

Thread Status:
Not open for further replies.
  1. katio

    katio Guest

    This caught my eye
    http://ubuntuforums.org/showthread.php?t=1666588

    I have my doubts ubuntuforums will shed much more light on this issue; wilders is more specialised in this sort of issue, and if there's something malicious going on I'd be very surprised if it wasn't targeting Windows...

    The URL is hxxp://infoproductkiller.com
    Get redirected with this UA:
    Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
    (that's Ubuntu 10.10 live if changing the UA manually shouldn't work for some reason or the theory is wrong)
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    It seems to be only sensitive to "maverick". o_O

    Hmm...

    best_porno.PNG
     
  3. katio

    katio Guest

    Who is Eric?

    I thought, that's odd, a site specifically targeting a single Linux distro. So more testing, my findings: maverick isn't the key. Any UA containing the string "eric" will trigger it.
    Now it looks less like a malware redirect and more like a backdoor to a defaced website. Must have been a cracker with knowledge of neither regex nor the latest Ubuntu names...

    I still don't know what it's all about.

    The .jar from above would look like a Java exploit or, more likely, a trojan, but the file doesn't get loaded for me.
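
The narrowing described in this post (from the full Ubuntu UA, to "maverick", to "eric") can be automated by bisecting the User-Agent string. This is an added example, not code from any poster in the thread; `simulated_site` is a constructed stand-in for the server and `minimal_trigger` is a hypothetical helper name.

```python
from typing import Callable

# UA string quoted in the first post of the thread.
UBUNTU_UA = ("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.10) "
             "Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10")


def simulated_site(user_agent: str) -> bool:
    """Constructed stand-in for the server: True means "redirected".

    Models the behaviour reported in the thread (substring match on "eric").
    For a live check, swap in a function that sends one request with this
    User-Agent, does not follow redirects, and reports whether a 3xx came back.
    """
    return "eric" in user_agent


def minimal_trigger(ua: str, redirects: Callable[[str], bool]) -> str:
    """Return the shortest contiguous slice of `ua` that still redirects.

    Assumes the server does a plain substring match and that an empty UA
    does not redirect; under that assumption both cuts are monotone, so
    bisection needs about 2*log2(len(ua)) probes.
    """
    if not redirects(ua):
        raise ValueError("baseline UA does not trigger a redirect")
    # Left cut: largest start for which ua[start:] still redirects.
    lo, hi = 0, len(ua)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if redirects(ua[mid:]):
            lo = mid
        else:
            hi = mid
    start = lo
    # Right cut: smallest end for which ua[start:end] still redirects.
    lo, hi = start, len(ua)
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if redirects(ua[start:mid]):
            hi = mid
        else:
            lo = mid
    return ua[start:hi]


if __name__ == "__main__":
    print(minimal_trigger(UBUNTU_UA, simulated_site))
```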
     