Quoting dstiles: "MSIE 6 is now deprecated by MS and rightly so. They no longer support it so any holes are exploitable." [webmasterworld.com
FWIW, I've got it blocked (as should we all:) but I wanted to pass along a same-second, one-two punch pattern that's cropped up at least three times in two days, twice from rarely-exploited Swedish ISPs, and once from always-hazardous telecomitalia.it
The pattern's a mash-up of site-specific search keywords and fake URIs and fake REFs with bad hex -- http
:keywordB@ -- via:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Three different pairs of site-specific keywords routed to different, keyword-appropriate files by a faked URI+REF combo -- anyone else seeing this stuff?