Interestingly, I have been looking through the visitor logs for this site today and have discovered some interesting things. Lot of people who visit this blog have a User Agent (UA) string which identifies a bit of spyware or possible hack attack.

Two of the most common strings are:

SIMBAR – this appears to be involved in a “Team Evil” hack, while it is not clear to me what adds the SIMBAR to the string, it has also been discussed on TaoSecurity. The most recent visitor with this UA string was from London and the string read:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;SIMBAR Enabled; SIMBAR={0611EF31-5377-41a3-A9BB-228547113477};SIMBAR=0; .NET CLR 1.1.4322)

HOTBAR – there are quite a few hits from this “semi-non-consensual” browser add on, and I have no idea if it is bad software or not (Wiki has a debate on it if you are interested). The most recent visitors we have had was an NTL broadband user (connected via Harrogate area) with the following UA string:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; V1; Hotbar 4.5.1.0)

It is not really surprising this are IE based strings showing signs of oddness, and over the last few months there have been lots of hits from this two UAs, as well as other “suspicious” strings. I will pay more attention in future and see if there are any patterns to be discerned.

In a nutshell though, I would strongly suggest everyone gets a good anti-virus package (AVG is free) and some reliable anti-spyware packages.

[tags]Spyware, browsers, technology, websites, statistics[/tags]