Foxy in User-Agent

         

dstiles

9:02 pm on Mar 8, 2009 (gmt 0)


I occasionally get things like...

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1)

As far as I can tell from google results this seems to refer to a family of software that includes stealth proxies, fast downloaders, on-the-fly page re-writers and sql access tools.

Does anyone know if this UA actually refers to this family of products or is it a less worrying product?

GaryK

1:15 am on Mar 9, 2009 (gmt 0)


If you'll sticky me a link to their site I'll be happy to download one of their products and test it on one of my beta machines.

dstiles

8:59 pm on Mar 9, 2009 (gmt 0)


There doesn't seem to be an actual site. I gleaned the info from google with [foxy software].

I have since found a product comparison site with the obvious name (UK) and a variety of others including a few undesirables. A very popular name.

I'm still assuming it's the software I originally mentioned but I suppose it could be some kind of toolbar from one of the others.

Lain_se

2:09 pm on Apr 13, 2009 (gmt 0)


I think that what you're actually seeing is a Firefox plugin called FoxyTunes. In fact I use it (love it!) and all it does is place a toolbar on your Firefox browser that allows you to control your media player without having to go to your desktop. Now all that said, it's linked to its own site and offers "music search services" via the toolbar. While it does not appear on my user agent, that may be due to the fact that I have disabled all the "extra features" it comes with.

GaryK

3:22 pm on Apr 13, 2009 (gmt 0)


I just installed FoxyTunes to see what would happen to my UA. It didn't change.

Before:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

After:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

dstiles

7:24 pm on Apr 13, 2009 (gmt 0)


Thanks, guys. Still a puzzle, then. :)

blend27

10:00 pm on Apr 13, 2009 (gmt 0)


Not sure what it is, but I have 45 different variations of these in my logs. First seen Foxy here 2007-12-06 20:17:53.603

The most *APED UA was
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Foxy/1; QQDownload 1.7; FunWebProducts; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; MEGAUPLOAD 2.0; InfoPath.2; Zune 2.5)

There are also Double Foxies:
in a row: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)
all over: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; TencentTraveler ; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Foxy/1; .NET CLR 2.0.50727)

Most of the UAs seem to generate from HK and TW.

The amount of junk people install on their PCs all over the world is staggering. Maybe Foxy should be renamed to Shmaxy. Double Foxies seem to be the current version 2 of the plugin :)

dstiles

10:30 pm on Apr 13, 2009 (gmt 0)


I'm not sure why there are so many bad UAs. My guesses are either bad "junk" installers or, when junk has already been installed, MS updates fail to cope with the modified UAs.

I see a lot of double-mozilla MS UAs but can't recall seeing a bad FF one so maybe it's the latter. I did actually block them for a while but they are so common I now let most of them through unless there is another reason to block them.

I do know a LOT of people are running adware and report-home toolbars - funweb is typical and very common. I considered blocking all of them with a warning but there are so many it would impact my customers' commerce. Maybe when I own all of the sites I manage and don't have to account for missing traffic to my customers. :)

GaryK

10:48 pm on Apr 13, 2009 (gmt 0)


I've got 418 unique UAs with Foxy in them. Maybe you can find something useful in them. If you want them sticky me your e-mail address and I'll be happy to send them. I'm sure Bill would strangle me if I posted them here.

Added "unique."

[edited by: GaryK at 10:49 pm (utc) on April 13, 2009]

dstiles

11:05 pm on Apr 24, 2009 (gmt 0)


Thanks to Gary for sending me his Foxy list and providing an incentive to dig a bit deeper.

To Gary's list of 418 I have added my own list of 86, creating a final list, after removing duplicates, of 460 unique UAs.

Almost all of the UAs were MSIE variants showing a typical spread of junk added indiscriminately by MSIE (ab)users. I have no doubt there are a few thousand total variants in circulation.

The 14 Firefox ones seem mostly to vary only in the Firefox browser version number, although a couple seem to have acquired MSIE parameters (.NET CLR 3.5.30729 and megaupload).

I think this says a lot for the installation ability and integrity of Firefox but probably also for the fact that its users are not so trigger-happy with dodgy add-ins.

One agent caught in the sweep was not actually Foxy but Foxybird, which seems to be a gecko variant and can be discounted here.

My own collection of Foxy UAs was gleaned from deliberate traps for Foxy and from general traps for bad behaviour, including SQL Injection.

I found two possible sources of the Foxy addition to UAs.

Possible Source 1:

"Foxy is a filtering HTTP proxy."
(google for wareseeker and foxy)
The blurb goes on about altering content on the fly, hiding UA details, surfing via anonymous proxies etc. Depending on your viewpoint, either a potential menace or a "privacy" tool.

Possible Source 2:

A virus, described at threatexpert and prevx (via google again). It does access the internet, including web pages as far as I can tell.

I think the "content filter" one is more likely than the virus one. Although the worm does interact with internet traffic I don't think it would advertise itself in the UA.

If it IS the "content filter" device I don't like its cloaking ability nor its "rewrite web pages on the fly" so it stays banned.

An interesting observation: If it IS the "privacy tool" then given the likely reason for employing it I was disappointed (though not really surprised) that the UAs included references for several dodgy IE plugins including known "report-home" apps/toolbars. Nor was I really surprised that the potential cloaking ability seemed to be turned off. Maybe it was being used for other purposes, but if so I don't know what.
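
Added example, not part of any post in this thread: one way to reproduce the tally described above (merge several UA lists, drop duplicates, count the Foxy ones by browser family, and flag the "double Foxy" and nested-Mozilla strings) while leaving lookalikes such as Foxybird out. The function names and the Foxybird sample string are assumptions made up for this illustration; the other sample strings are the ones quoted in the thread.

```python
import re
from collections import Counter

# "Foxy/<digits>" as its own product token; "Foxybird" and "FoxyTunes" do not match.
FOXY = re.compile(r"(?<![A-Za-z0-9])Foxy/\d+\b")

def classify(ua):
    """Return the traits of one User-Agent string that the thread compares."""
    if "Firefox/" in ua:
        family = "Firefox"
    elif re.search(r"\bMSIE \d", ua):
        family = "MSIE"
    else:
        family = "other"
    return {
        "foxy_tokens": len(FOXY.findall(ua)),    # 2 or more = "double Foxy"
        "family": family,
        "nested_ua": ua.count("Mozilla/") > 1,   # a whole UA embedded in another
    }

def summarize(*ua_lists):
    """Merge several UA lists, drop duplicates, and tally the Foxy ones."""
    unique = {ua.strip() for lst in ua_lists for ua in lst if ua.strip()}
    foxy = {ua: classify(ua) for ua in unique if FOXY.search(ua)}
    return {
        "unique": len(unique),
        "foxy": len(foxy),
        "by_family": Counter(c["family"] for c in foxy.values()),
        "double_foxy": sum(1 for c in foxy.values() if c["foxy_tokens"] > 1),
        "nested_ua": sum(1 for c in foxy.values() if c["nested_ua"]),
    }

# Sample input: UA strings quoted in the thread, plus one constructed Foxybird string.
FOXYBIRD = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/20090101 Foxybird/1.0"  # constructed
LIST_A = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Foxy/1; Foxy/1)",
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8",
]
LIST_B = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1)",  # duplicate of LIST_A[0]
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Foxy/1; TencentTraveler ; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Foxy/1; .NET CLR 2.0.50727)",
    FOXYBIRD,
]

if __name__ == "__main__":
    for key, value in summarize(LIST_A, LIST_B).items():
        print(key, value)
```
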