So... I analyzed my visit logs for the last couple of days. There are very few IE6 and IE7 visits, but still a few hundreds.
Out of these, about 90% are pure bullshit.
IE7 - Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
"InfoPath" is supposed to be a bot, to begin with...
But look at that beautiful request:
From what I could gather, it's a scriptkiddie's bot to exploit an old Joomla vulnerability. Yay...
Me loves that kind of wasted bandwidth. (Heck, even the script itself seems to no longer be hosted, so even if there was a vuln, it would still do nothing to it.)
I'm tempted to send a 403 to any query that holds a 'cmd=' variable in its query string. The only occurrence of 'cmd' as a variable in Wedge is an outgoing request to PayPal subscriptions. I don't think it would hurt.
Even "regular" IE6 user agents sometimes send some suspicious requests... What about "/.svn/entries" in the URL, eh..? Or guestbook2.htm? These are both IPs from Ukraine and Russia. (They may be in an internal crisis, but they both agree it's cool to bother every site in the world... :P)
Guests with a regular IE7 string trying to access ?action=unread, and who are nowhere to be found in the Wedge IP list, and even better, use a "direct allocation" IP address..? Very suspicious, too.
Anyway, all of this to say: I'm pretty confident that Google's stats are more correct than anything else I could try for.