AVG Update: Yet More Fake Traffic With New Disguises

June 29, 2008 – 11:47 AM

In an update to our June 20th post referring to Grisoft’s AVG anti-virus product spewing fake traffic (in our opinion a flawed architecture design by the company’s CTO, Karel Obluk). Cade Metz, of The Register, has delved a bit deeper into the issue, and has discovered that over last weekend, AVG modified the product to be even more intrusive to web masters, systems and network engineers managing legitimate sites, and generally causing mayhem in analysis and bandwidth costs. Now, the company has re-crafted it’s product to include two more disguised agents:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;1813)

We believe, like most others, that it is a good thing to perform search and destroy operations (or thoroughly examine links for potential mal-activities) on malware laden sites,and to protect users from such. Flawed architectures like the AVG product, place the burden of such actions on the wrong side of the equation (an analogy, if you will: anti-cancer medication that also kills healthy cells).

We envision the next step from affected sites (specifically large sites that can show significant financial loss due to bandwidth related charges) to enter into legal action regarding the product.

AVG Update: Yet More Fake Traffic With New Disguises | Infosecurity.US