Question about the new Xupiter toolbar

["Richard M. Smith" <rms () computerbytesman com>]

Hi,

Has anyone looked into this new Xupiter toolbar to see how it is being
installed on people's computer?  In particular is it using some IE
security hole for the install or does it just use the standard ActiveX
drive-by download mechanism?

Here's more info about Xupiter from Slashdot:

World's Most Annoying IE Toolbar 
Posted by michael on Thursday January 30, @09:02AM
from the someone-will-surpass-it-soon dept.

nautical9 writes "Following the same devious footsteps of the infamous
Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has
their own self-installing toolbar for IE. There are many claims that if
you leave your security preferences at their default level, it will
install itself without your express permission. And once on your system,
it's gracious enough to reset your homepage to xupiter.com, forward all
your searches to their search engine, download and automatically launch
applications (like gambling applets), and blocks all attempts to set
these back to normal. Removing it isn't trivial either - it
automatically checks for updates upon reboot, where it constantly
changes the registry settings it uses, making the jobs of spyware
removal programs like AdAware or Spybot Search & Destroy much harder. No
word yet if it collects and forwards personal data." 

http://slashdot.org/articles/03/01/30/1314236.shtml?tid=113

Richard M. Smith
http://www.ComputerBytesMan.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html