[geeks] weird hijack of IE7

[Francois Dion]

This probably happens all the time, but I have a user that was
complaining he couldn't access one of our web based application. The
reason was that his IP was untrusted. It is as if he's coming from a
machine from scansafe.net, not from the actual trusted network he's
on. Only on IE 7, firefox is ok. Not sure what is at work here.

I've seen scansafe in my logs before, they were doing some kind of
buffer overrun attack. Are they legit but incompetant or purely
malware?

Seen that before?