Yesterday, about an hour after reading the thread [webmasterworld.com...] (searches at google.com redirect to www2.google.com), my machine got the bug that that thread describes. Basically, it's an exploit of Active-X to write into your hosts file, which skips standard DNS to send your browser directly to certain IP numbers for the domains in the file. So scumware site X changes the entry for google.com, alltheweb.com, all derivatives thereof, and all other biggie searchengines to its own scumware search site IP number. I see now there's another newer thread started on this exploit, [webmasterworld.com...] -- seems a number of people are getting hit by this.

The first thread points to [imilly.com...] , and the advice on cleaning out my hosts file was so welcome, and so weird that I had read about a fix for this just hours before it happened to me. The site (and apparently there are a whole lot of sites like it out there) strongly advises you to turn off everything that is Active-X related, since MS apparently has a bug in ie that can be exploited if it's on.

Now, I hadn't really spent much time before thinking about Active-X until recently, with the Eolas suit, figuring that Active-X is just some MS lingo for embedded objects, just like DHTML just means javascript + stylesheets. Anyways, you bet, I turned the Active-X option to "prompt" to have more control over this function.

Just about anything that's embedded now gives me that little irritating prompt box, but I suppose it's worth it to keep nasty stuff from happening to my system.

But this gives rise to a kind of scary question: could this plague of Active-X related browser exploits in any way be related to the Eolas-Microsoft lawsuit? Actionscript.com ( [actionscript.com...] ) posits that Eolas's lawsuit might, in the end, give MS an excuse to remove everything that falls under the category Active-X (meaning, basically, anything that involves a plugin, like flash), simply to re-work everything into proprietary browser functions. The scenario basically is, MS releases another auto-fix of ie that disables Active X, most people don't really notice much of the difference, and don't migrate to Mozilla or Opera -- then Microsoft makes vector graphics replacements for Flash, and other native features of ie to replace the other plugins, but now all of them proprietary Microsoft protocols & technologies, so Microsoft owns even more of the web than previously, a win-win situation for MS if they really do lose with Eolas in appeals.

The thing is, if people are already actively turning off Active-X, and this is becoming part of accepted web wisdom, well, Microsoft's new non-Active-X browser replacement will be greeted with even more apathy -- hardly anyone will notice, and those who do will hear, 'Active-X -- well you're supposed to turn that off anyways.'

I really doubt MS would fix things to actually exploit yet another security flaw in its own famously buggy product, but thinking about it, this does make kind of a neat conspiracy theory. Needs a tad less suspension of disbelief than, IMHO, an Oliver Stone one.