Impersonating Mac Browser

As I mentioned in the last topic, Zlob fake codec sites are smart enough to know whether you are running Windows or Mac. If you are an analyst or researcher and would like to download the DMG file, you cannot simply modify the URL or force the browser to download it. You can change the file extension, but the downloaded file will still contain an MZ header, which means it is a Windows executable.

To understand how this happens, let's capture the HTTP request using Ethereal and check the data.

The user's browser sends a User-Agent header to the requested page, and this provides information such as application name, compatibility, platform and version, accepted language, and the user's web browser.

So now you can figure out why: the site reads this header to decide which file to serve.

If you are running Windows and want to download the Zlob fake codec for Macintosh, you can simply send a fake User-Agent header. This means you are sending a hand-crafted HTTP request to the server; this is impersonating the Mac browser.

Many tools can help you do this job, to name a few: curl, Fiddler and Malzilla, which is known as a malware website hunting tool.
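The same collection step for an analyst, as an added Python example that is not from the original post: it sends a request with a Mac User-Agent and then checks the magic bytes of what came back, so a mislabelled `.dmg` that is really an MZ executable is caught. The User-Agent string, function names and sample bytes are constructed for illustration.

```python
import struct
import urllib.request

# Constructed Safari-on-Mac User-Agent string (an assumption, not taken from the post).
MAC_UA = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) "
          "AppleWebKit/523.10.3 (KHTML, like Gecko) Version/3.0.4 Safari/523.10")


def build_request(url, user_agent=MAC_UA):
    """Return a GET request that presents the given User-Agent to the server."""
    return urllib.request.Request(url, headers={"User-Agent": user_agent})


def classify_payload(data):
    """Identify what the server returned from its content, ignoring the extension."""
    # Windows PE: 'MZ' at offset 0, and e_lfanew (offset 0x3C) points to 'PE\0\0'.
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe"
        return "mz-stub"
    # Apple UDIF disk image (DMG): the 512-byte trailer at end of file starts with 'koly'.
    if len(data) >= 512 and data[-512:-508] == b"koly":
        return "dmg"
    return "unknown"


def fetch_and_classify(url, user_agent=MAC_UA, timeout=30):
    """Download with the chosen User-Agent and report the payload type."""
    with urllib.request.urlopen(build_request(url, user_agent), timeout=timeout) as resp:
        return classify_payload(resp.read())


def constructed_samples():
    """Constructed byte strings standing in for the Windows and Mac responses."""
    pe = bytearray(0x80)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)   # e_lfanew -> 0x40
    pe[0x40:0x44] = b"PE\x00\x00"
    dmg = b"\x00" * 1024 + b"koly" + b"\x00" * 508
    return bytes(pe), dmg
```

Run `fetch_and_classify` only from an isolated analysis machine, since the response is a live malware sample.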

The screenshot below shows how Malzilla downloads the DMG file in Windows.
