Thread: Pop ups on XP
View Single Post
Ninjavenom Ninjavenom is offline
Lord Felch Demon
Ninjavenom's Avatar
Join Date: Feb 2003
Old Jan 24th, 2005, 02:28 AM       
Most of your unexplained adware comes from the "Safe for Scripting" bug in ActiveX controls. By simply setting a different flag in one's activeX controls in the code where it would be executed by the user, the authenticode signature can be bypassed entirely. Since Authenticode says "yeah, that's okay", the code gets executed without IE even giving a warning. Thanks to Scriptlet.typelib and Eyedog.OCX being flagged this way on the webpage, they will begin to run on the user's machine. Scriptlet has access to read/write, and create files on the target machine, and the Eyedog has the ability to query the registry and gather machine characteristics,so the programmer just gives them a small program to run quietly in the background. Viola, adware.
Reply With Quote