Fred McLain, currently a Java product development manager at Appworx Inc., is the infamous creator of malicious demonstration ActiveX controls, Exploder and Runner. His web page at http://www.halcyon.com/mclain/ActiveX/Exploder/FAQ.htm contains a Frequently Asked Questions document on his Exploder control, as well as links to download both examples.

Released in 1996, the Exploder control shuts down Windows 95 machines and powers them off (if you have the Advance Power Management feature in your BIOS). It is no different than if you chose Shutdown from your Start button on the taskbar. After making his malicious control, Fred contacted VeriSign, Microsoft’s authenticated certificate authority, and purchased an Authenticode digital signature. At the time of release, Internet Explorer 3.x would run any signed control without prompting the user. So, if you were lucky enough to browse across Fred’s web site or anyone else’s who borrowed the control, you would have about 10 seconds before your system shut down, and losing any unsaved data.

Fred and his creation immediately made headlines around the world, and ...