“How often do you open 20 or 30 browser windows to different sites simultaneously? Computers infected with a number of different click-fraud malware families may generate noisy volumes of Web traffic in short bursts. Or, for instance, on a corporate network with a locked-down software policy, where everyone is supposed to be using one type of browser, an analyst might see a Web session in which the user-agent string which identifies the browser to the Web server indicates the use of a browser that’s far removed from the standard corporate image, or maybe a version that doesn’t even exist.”

Andrew Brandt – Principal Researcher at Sophos
Source: darkreading
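
The two signals described in the quote, a short burst of requests to many different sites and a user-agent that does not match the corporate browser image, can be checked over web proxy logs. The following is an added example, not code from the article or from Sophos; the log format, the thresholds, and the approved browser and version range are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the quoted article): thresholds and the approved browser.
BURST_HOSTS = 20                      # distinct sites per client ...
BURST_WINDOW = timedelta(seconds=10)  # ... seen within this window
APPROVED_UA = re.compile(r"Firefox/(\d+)\.")  # hypothetical corporate image: Firefox only
APPROVED_MAJOR = range(115, 129)      # hypothetical major versions deployed by IT

def parse(line):
    """Parse 'ISO-timestamp client host "user-agent"' (constructed log format)."""
    ts, client, host, ua = re.match(r'(\S+) (\S+) (\S+) "(.*)"$', line).groups()
    return datetime.fromisoformat(ts), client, host, ua

def ua_is_anomalous(ua):
    """True if the browser is not the approved family or not a deployed version."""
    m = APPROVED_UA.search(ua)
    return m is None or int(m.group(1)) not in APPROVED_MAJOR

def detect(lines):
    """Return a set of (client, reason) findings for the two signals."""
    findings = set()
    recent = defaultdict(deque)       # client -> (timestamp, host) inside the window
    for ts, client, host, ua in sorted(map(parse, lines)):
        if ua_is_anomalous(ua):
            findings.add((client, "unexpected-user-agent"))
        window = recent[client]
        window.append((ts, host))
        while ts - window[0][0] > BURST_WINDOW:   # drop requests older than the window
            window.popleft()
        if len({h for _, h in window}) >= BURST_HOSTS:
            findings.add((client, "burst-of-distinct-sites"))
    return findings

def sample_log():
    """Constructed proxy log: a normal user, a bursty client, a bogus browser version."""
    ff = "Mozilla/5.0 (Windows NT 10.0; rv:120.0) Gecko/20100101 Firefox/120.0"
    lines = [f'2024-01-01T09:00:{i:02d} 10.0.0.5 site{i}.example "{ff}"'
             for i in range(0, 60, 15)]
    lines += [f'2024-01-01T09:05:00.{i:03d} 10.0.0.7 ads{i}.example "{ff}"'
              for i in range(25)]
    lines.append('2024-01-01T09:06:00 10.0.0.9 intranet.example "Mozilla/5.0 Firefox/999.0"')
    return lines

if __name__ == "__main__":
    for finding in sorted(detect(sample_log())):
        print(finding)
```

Both thresholds need tuning against a baseline of the network's normal traffic, since pages that load content from many third-party hosts can also produce bursts.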
About Andrew Brandt
SophosLabs Principal Researcher Andrew Brandt blends a 20-year journalism background with deep, retrospective analysis of malware infections, ransomware, and cyberattacks as the editor of SophosLabs Uncut.
His work with the Labs team helps Sophos protect its global customers, and alerts the world about notable criminal behavior and activity, whether it’s normal or novel. Follow him at @threatresearch on Twitter for up-to-the-minute news about all things malicious.