[Emerging-Sigs] FP ET TROJAN Pingbed/Downbot User-Agent (Windows+NT+5.1) -- 2009486

Russell Fulton r.fulton at auckland.ac.nz
Sun Oct 23 03:05:09 EDT 2011

I have 5 systems tickling this sig. The packet captures look kosher - different browsers, and many different sites...

Couple of examples:

GET /css/vivid_module.css? HTTP/1.1
Accept: */*
Referer: http://www.allmusic.com/search/song/big+jetplane
Accept-Language: en-nz
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 14 Oct 2010 19:32:08 GMT; length=1686
Host: www.allmusic.com
Connection: Keep-Alive

GET /log.php?id=1039&r=64392 HTTP/1.1
Host: stat.adlesse.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.102 Safari/535.2
Accept: */*
Referer: http://dispatch.lite.adlesse.com/?size=300x250&loc=lite&rnd=0.7143454265315086&aduid=adlesse_widget_0.9313804337289184&this_is_adlesse_widget=true

Each local IP is throwing hits on lots of different sites.

Russell (who should go and watch the Rugby soon -- RWC final, NZ vs France -- being played less than a mile from our house, no I did not pay $1000 for a ticket -- I'll watch on TV and leave the windows open for the <delayed> cheering from the stadium :)

More information about the Emerging-sigs mailing list