A couple of weeks ago I came across a site in my web wandering and had a popup. This, despite the fact that I’m running either Avant Browser or Maxthon. Avant Browser and Maxthon are applications that wrap Internet Explorer (IE) with all the features considered mandatory of a modern-day web browser, including tabbed browsing, enhanced popup blocking, advertisement blocking, skinning support, and a configurable search engine. So because I’m running Windows XP SP2 I have two popup blockers at work for me: the one built into XP SP2’s version of IE and that of the browser application.
I assumed that the popup was a fluke of some kind, and because I was busy tracking down some piece of information, I dismissed it and forgot about it until a few days ago when I came across another one at a pretty popular Windows information site. Popups are not only annoyances, but they can bait unsuspecting users into visiting “drive-by-download” web sites that try and deploy malware on a system by exploiting unpatched vulnerabilities in the visitor’s browser. I decided to investigate.
Mark Russinovich writes on his blog: