About a month ago I started seeing some strange entries in a client’s internet traffic logs. It started out slowly and I was not overly concerned but when the traffic mounted into 1000’s of visits, I knew I had to find out what was going on. The suspect traffic never has a Referer so looks like a Bot and can be identified as:
- User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
or
- User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; 1813)
While this looks exactly like a Bot and is indeed a fake agent, there appears to be legitimate human users behind these visits!!!
From my research I found, I was not alone, and that the problems appear to have originated from AVG Technologies’ new Internet Security Tool-bar, that as a matter of happenstance was recently released about a month or so ago. The product has a legit purpose warning users of potentially harmful websites and this product, as well as past products, have had good reviews from CNET and the like. Some suspect and have documented that the LinkScanner option of Version 8.0, that is on by default, may likely be the culprit and that the problems are more serious than first thought. The user can experience different results as typified by these CNET user reviews. In your web logs you’ll see lots of GETs from this agent and lots of 404 errors. What makes this somewhat serious is that AVG is expecting millions to upgrade to the new revision, so spread the word.