So I had a couple of ideas. First I thought that IE users could be served an interstitial page with a JS redirect... But JS is obviously being executed because GA is registering hits. So what about HTTP redirects - does anyone have a confirmed case of the botnet hitting a 301 or 302 and following it? If not, I thinking... serve IE users a 302/301
Also, it's been stated that the mouse cursor is mouse cursor is never moved... I have not dug deep enough to confirm this, however it might just be a piece of gold - there are a few things that could be done with it...
1) For IE users only, serve the page with everything loaded in a JS variable and do a document.write of it only when some mouse cursor movmement takes place (GA wouldn't execute until the doc.write).
2) Use the same principle, but only load the GA code when a mouse movement takes place.
Each has it's pros and cons.
Darrin Ward |