Is user agent "InetURL:/1.0" a worm?

Forum Moderators: open

Message Too Old, No Replies

Is user agent "InetURL:/1.0" a worm?

Xuefer

2:21 am on Nov 25, 2005 (gmt 0)

i'm hit by UserAgent: InetURL:/1.0 more and more recently, with various clientip
all they request is something like /upfile.asp, seems trying to do sql injection.
i can search nothing helpful from google except some awstats report pages, some tutorial for delphi to make http agent.
there's a hacker's tool do this, but does it become a worm? or do u have same problem?

encyclo

2:49 am on Nov 27, 2005 (gmt 0)

InetURL/1.0 appears to be a plugin for a software telephone system, used to get data from a website during a call. Not a worm per se, but difficult to tell why it would be hitting your site.

Xuefer

10:39 am on Nov 27, 2005 (gmt 0)

i'd guess not, it's not a normal usage by human, all file it requested does not exist on my server.
but strange i cannot find anything relatived to worm/virus about InetURL:/1.0 (containing a ":")
the request looks like to:

GET /bbs/diy.asp HTTP/1.1
User-Agent: InetURL:/1.0
Host: $host
Cache-Control: no-cache

some of them are "Mozilla/4.0"