Well, I am sick again, alone at home, so I am looking for something to dig into…
And, as it turns out, there is always something interesting happening.
If you are familiar with exploit kits, you know that a major feature of their traffic filtering is PluginDetect.
It is a JS script with a huge number of features, provided by legitimate and respected authors.
Its main use for malicious purposes is to detect outdated plug-ins in order to serve “working” exploits for successful infection of a victim.
It is also known to be part of malicious applications, and triggers detections accordingly. There are products that emulate JS and provide fake responses to PluginDetect to bypass it successfully.
Well, bottom line: it’s quite a mess to use it for traffic filtering.
But there are always other ways…