MSIE or Firefox mutant; not on Windows server

         

aristotle

9:04 pm on Mar 13, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Well I don't know what to make of this, with the strange UA, but am pretty sure it's not human.
Host: 113.29.151.94
/example.html
Http Code: 200 Date: Mar 13 06:16:48 Http Version: HTTP/1.1 Size in Bytes: 12006
Referer: -
Agent: Mozilla/5.0 (compatible; MSIE or Firefox mutant; not on Windows server;) Daumoa/4.0

IP: 113.29.151.94
Hostname: 113.29.151.94
ISP: CDNetworks
Organization: Daum Communication Co.,LTD
Services: None detected
Type: Broadband
Assignment: Static IP
Country: Korea
State/Region: Seoul-t'ukpyolsi
City: Seoul

[edited by: phranque at 10:58 pm (utc) on Mar 15, 2015]
[edit reason] disabled graphic smile face [/edit]

dstiles

9:26 pm on Mar 14, 2015 (gmt 0)




I had one a day or so ago with a ludicrously high Firefox version number - in the hundreds!

And several that simply say (approx): "Mozilla 5 Firefox"

aristotle

12:39 pm on Mar 15, 2015 (gmt 0)




Since this came from Korea, could the original UA have been in Korean characters? And if so, could my site's server have had trouble deciphering them?

I'm just speculating on why the UA has such a strange form.

lucy24

7:43 pm on Mar 15, 2015 (gmt 0)




Is that a ; ) in the UA? The part that turned into a smiley. (I tend to deal with these by using inline code ;) markup.)

And if so, could my site's server have had trouble deciphering them?

Normally, non-ASCII characters (and also a fair amount of ASCII) would be percent-encoded. Things could get lightly garbled if the original used a one-byte encoding, but yours doesn't look at all like an encoding issue.

:: wandering off to investigate "Daumoa" ::

Oh, oops, it's not new at all:

[webmasterworld.com...]

aristotle

9:03 pm on Mar 15, 2015 (gmt 0)




Thanks for that link to the earlier thread, Lucy. So apparently this weird UA creation from Daumoa, or whatever it's called, has been going on for a long time.

P.S. I don't see a smiley in the UA on my screen, so don't have any explanation for that.

keyplyr

9:08 pm on Mar 15, 2015 (gmt 0)




I block Daum & CDNetworks, but I've been seeing that stupid UA for years.

(and no smileys either)

lucy24

9:26 pm on Mar 15, 2015 (gmt 0)




I don't see a smiley in the UA on my screen

Maybe you've turned off smileys in your prefs. (Never noticed this before; it's a global setting in the Control Panel.) The sequence ;) turns into :wink: by default. (Personally I prefer mandatory noses, but nothing to do about it retroactively.)

aristotle

10:18 pm on Mar 15, 2015 (gmt 0)




No, I don't have smileys turned off. I see them here all the time. But not in that UA.

phranque

10:41 pm on Mar 15, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



i disabled the smiley.
=8)

lucy24

8:02 pm on Mar 22, 2015 (gmt 0)




Oh, hey, thought it sounded familiar:

203.133.168.163 - - [20/Mar/2015:18:32:37 -0700] "GET /robots.txt HTTP/1.1" 200 647 "-" "Mozilla/5.0 (compatible; MSIE or Firefox mutant; not on Windows server;) Daumoa/4.0" 
203.133.169.204 - - [21/Mar/2015:08:10:44 -0700] "GET /robots.txt HTTP/1.1" 200 647 "-" "Mozilla/5.0 (compatible; MSIE or Firefox mutant; not on Windows server;) Daumoa/4.0"

a-n-d... (should really have noticed this one)
203.133.171.88 - - [04/Mar/2015:01:26:51 -0800] "GET /robots.txt HTTP/1.1" 200 647 "-" "Mozilla/5.0 (compatible; MSIE or Firefox mutant; not on Windows server;) Daumoa/4.0"

:: detour here for comprehensive log search of name "Daumoa" ::

Well, fancy that. I've seen them sporadically since August 2014, from two different IPs:

175.126.171.ddd
203.133.ccc.ddd (I think it's 160/20 but who gives a ###)

Neither of those is a blocked range-- in fact my non-China blocked APNIC ranges can just about be counted on your fingers-- so it took me a while to figure out how they got 403'd. Looks like it's this rule I'd forgotten all about:

RewriteCond %{HTTP_USER_AGENT} Windows
RewriteCond %{HTTP_USER_AGENT} !(Windows\ NT|Windows;\ U|Windows\ Phone)
RewriteRule (^|\.html|/)$ - [F]

Bingo. (I went back and checked. Don't know what originally triggered the rule, but the UA has been involved in thousands of 403s over the years, tralala. Most of course were blocked ranges in their own right, but score another one for belt-and-suspenders.)
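
The rule quoted in the last post, replayed offline against access-log lines (an added example, not part of any post in the thread). It assumes the rule lives in a per-directory `.htaccess` context; the function names and the two `192.0.2.x` log lines are constructed for illustration. It shows that the Daumoa UA trips the "Windows but not a real Windows token" test, and that the rule's path pattern leaves `/robots.txt` alone, consistent with the 200 responses in the quoted log.

```python
import re

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$'
)

# The two RewriteCond tests; "\ " in the Apache rule is only an escaped space.
HAS_WINDOWS = re.compile(r"Windows")
REAL_WINDOWS = re.compile(r"Windows NT|Windows; U|Windows Phone")
# RewriteRule pattern. Assumption: per-directory (.htaccess) context, where
# mod_rewrite matches the URL path without its leading slash.
PAGE_PATH = re.compile(r"(^|\.html|/)$")


def would_forbid(request_target, user_agent):
    """True if the rule set would answer this request with 403 ([F])."""
    suspect_ua = bool(HAS_WINDOWS.search(user_agent)) and not REAL_WINDOWS.search(user_agent)
    path = request_target.split("?", 1)[0].lstrip("/")  # query string is not matched
    return suspect_ua and bool(PAGE_PATH.search(path))


def evaluate(lines):
    """Return (ip, path, forbidden) for every parseable log line."""
    results = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            ip, target, ua = m.groups()
            results.append((ip, target, would_forbid(target, ua)))
    return results


DAUMOA_UA = ("Mozilla/5.0 (compatible; MSIE or Firefox mutant; "
             "not on Windows server;) Daumoa/4.0")
SAMPLE_LOG = [
    # Line quoted in the thread.
    '203.133.168.163 - - [20/Mar/2015:18:32:37 -0700] "GET /robots.txt HTTP/1.1" '
    '200 647 "-" "%s"' % DAUMOA_UA,
    # Constructed lines (192.0.2.0/24 is a documentation range).
    '192.0.2.10 - - [20/Mar/2015:18:33:01 -0700] "GET /example.html HTTP/1.1" '
    '403 199 "-" "%s"' % DAUMOA_UA,
    '192.0.2.20 - - [20/Mar/2015:18:34:12 -0700] "GET / HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0"',
]

if __name__ == "__main__":
    for ip, path, forbidden in evaluate(SAMPLE_LOG):
        print(f"{ip:16} {path:14} {'403' if forbidden else 'pass'}")
```

Running the same check over a full log before enabling such a rule shows which existing visitors it would start refusing.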