Microsoft has worked to bulletproof Internet Explorer 8 as much as possible with an array of mitigations. But additional security features such as Per-User (Non-Admin) ActiveX, ActiveX Opt-In and Per-Site ActiveX can do nothing to protect against social engineering schemes that rely on tricking the user into infecting the operating system.
One illustrative example of ActiveX-based social engineering attacks involves rogue antivirus products. Attackers are counting on the end users’ familiarity with the behavior of ActiveX in order to push malware as add-ons, claiming that it’s in fact a security solution meant to resolve a plethora of problems on the end user’s machine. Security researcher Sandi Hardmeier recently came across a fraudware website pushing a product dubbed Antivirus Scanner.
As soon as a user visits the malicious website, a fake scan is started and run to the point where the rogue antivirus falsely claims to have detected malware on the machine. As a direct consequence, it advises the user to install an ActiveX add-on, namely the malware itself, and become infected. This threat is tailored specifically to Internet Explorer and the ActiveX technology, and as you can see from the screenshots taken with IE8 Beta 1, it looks rather convincing.