Msg#: 4413602 posted 6:03 pm on Feb 2, 2012 (gmt 0)
This User-Agent hit my server about 500 hundred in 8 minutes in one of those php admin/manager/etc attacks - what can we break now kind of thing. Hit most of the sites on the server as far as I can tell: they usually do.
Full UA: Made by ZmEu @ WhiteHat Team - www(.)whitehat(.)ro (parentheses added around dots to discourage the sods)
IP: 188.8.131.52 - UK2 hosting - same as mine :(
Action: completely non-white-hat.
Common enough recently but the UA is (in my experieice) unusual.
Its names range from the short -- ZmEu -- to the long version you saw, and in-between. I see it maybe three, four times a month across as many sites, literally from all over (.com, .ro, .ru, .jp, etc).
Basically it's just another exploit that aims to get its hooks into any machine anywhere and wreak havoc everywhere.