I was actually searching for information on the new album by Beth Gibbons and Rustin Man, and went to musicmass (but don't go there, you'll be sorry especially if you're running Windows !), since it looked like it was a legit download site with free MP3s (it didn't have cheesy ads) that artist-owned sites would delegate the downloads to. However, the ActiveX component (which I thought was just for navigation) is really just nasty spyware for lop.com/C2Media. Here are some of the things it did:
- Installed a toolbar in IE.
- Installed various browser "helpers" and COM components.
- Changed the home and search pages to lop.com.
- Installed a service that contacts a host (bdc.tdak.com), which is actually in the same domain as lop.com.
- Changed the default DNS suffix for the machine and all its network interfaces so that any host named without a dot would use this lop.com-controlled domain (i.e., foo becomes foo.tdak.com). Then, any name in that domain would resolve back to the same host as www.lop.com, so you'd be directed there if your homepage was set to an intranet address. Or, in my case, if your Outlook server name was in the form of a single host name instead of an dotted Internet host name. EVIL !!!