Slashdot Mirror

← Back to Stories (view on slashdot.org)

AVG Fakes User Agent, Floods the Internet

Posted by CmdrTaco on from the way-to-go-guys dept.

Slimy anti-virus provider AVG is spamming the internet with deceptive traffic pretending to be Internet Explorer. Essentially, users of the software automatically pre-crawl search results, which is bad, but they do so with an intentionally generic user agent. This is flooding websites with meaningless traffic (on Slashdot, we're seeing them as like 6% of our page traffic now). Best of all, they change their UA to avoid being filtered by websites who are seeing massive increases in bandwidth from worthless robots.

3 of 928 comments (clear)

  1. I discovered this the hard way by brunascle · · Score: 5, Interesting

    A couple months ago, a random article on my company's site got around 20 times the number of hits that the top story of the day should be getting. I checked the logs, and saw legit-looking IE user agents, but they didnt look normal. None of them had any cookies, and none of them were downloading the CSS or image files that they should have been. The IP addresses were from all around the world. WTF?

    I found out that Google was doing one of its things where it changes the google logo for some special occasion, and it links to a search. That article was on the first page of the results.

    I did a search for the exact user agent and discovered it was AVG. When you go to a Google search, AVG downloads each result looking for malware. Hooray for falsified user agents.

    Though, I suspect the reason they use a legit-looking IE user agent is because malware sites could sniff the AVG user agent and serve up an innocent page for them, and malware for everyone else.

  2. Apache Rewrite Rules! by Anonymous Coward · · Score: 5, Interesting

    Try this on Apache servers:

    #Here we assume certain MSIE 6.0 agents are from linkscanner
    #redirect these requests back to avg in the hope they'll see their silliness
    Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1; SV1.$" [OR]
    Rewritecond %{HTTP_USER_AGENT} ".*MSIE 6.0; Windows NT 5.1;1813.$"
    RewriteCond %{HTTP_REFERER} ^$
    RewriteCond %{HTTP:Accept-Encoding} ^$
    RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]

    Brought to you by These guys.

  3. YOU are clicking on every link! by hudsucker · · Score: 5, Interesting
    Let's say that your Google search returns some links that are NSFW, or could be considered illegal to view. As a far as anyone looking at server logs is concerned, you are choosing to view those links.

    How long before someone gets fired or arrested, and tries to explain that it was their anti-virus software that was viewing the child pr0n?