Unscrupulous websites installing apps

["Jeff Miller" <jrm.wa () verizon net>]

I have a user who *somehow* got caught in one of those websites with
cascading window traps that opened up a bunch of new browser windows for
him.  One of those windows was a prompt to install a program with the
choices YES and NO.  He clicked the x in the corner instead, only to find
that somehow a program had been installed into his program files dir
complete with a shortcut in the start menu.

I haven't seen this, but I'm wondering if it's possible for someone to
defeat IE's security that easily and actually install an application.  Does
anyone know how this is done?

Sorry I don't have any examples.