Immunization - Spybot tries to add 139mm.com to trusted sites



DesertRat
2005-10-30, 18:35
I upgraded from Spybot 1.3 to Spybot 1.4 today. When I ran the immunization both MS Antispy and Webroot SpySweeper trial version reported back that Spybot was trying to add 139mm.com to my IE trusted sites list. :eek:

I blocked the move in MS-Antispy and confirmed in both the IE interface and the registry that 139mm.com was listed as a restricted site. (139mm.com keys set to "4" and no domain or range keys in the registry set to "2".)

Two questions:

1. Why would Spybot try to add 139mm.com as a trusted site? (Or why would I receive alerts from both Antispy programs that it was trying to do so?)
2. Is there any danger in adding sites to the restricted sites list? In researching the registry settings for internet zones, I ran across info at Symantec about several trojans that seem to do nothing but add sites to the restricted sites list. That seems like a rather harmless trojan to me.

md usa spybot fan
2005-10-30, 19:49
It is a false positive. Spybot is not adding the site to the Trusted zone. I was only aware of the problem in Microsoft AntiSpyware.

http://www.safer-networking.org/en/news/2005-06-21.html
How Microsoft defines "right away"...

You may receive an "Internet Explorer trusted site requires approval" message from Windows AntiSpyware (Beta) if you also use the Immunize feature in Spybot Search & Destroy
http://support.microsoft.com/default.aspx?scid=kb;en-us;902956

The registry entries actually added by Spybot are:


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com\www]
*=dword:00000004
I guess that there is some danger in some sites being added to the restricted zone. For example, adding anti-virus and anti-spyware sites. However, this type of malicious behavior by malware usually adds sites to the HOSTS file to prevent access rather than restrict access.
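
An added example, not part of either post and not Spybot's or Microsoft's code: a Python check that reads a regedit export of the ZoneMap\Domains key and reports the zone each entry maps to, so a Trusted sites (2) entry can be told apart from the Restricted sites (4) entries quoted above. The sample export is constructed, and example.test is a made-up entry included only to show what a Trusted-zone mapping looks like.

```python
import re

# Zone numbers used by Internet Explorer's ZoneMap values.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

DOMAINS_KEY = r"\Internet Settings\ZoneMap\Domains" + "\\"
# Constructed sample in regedit export format; the last key is a made-up
# entry (example.test) showing what a real Trusted-zone addition looks like.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\139mm.com\www]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.test]
"http"=dword:00000002
'''

# Value names are quoted in a real export; the forum post shows them unquoted.
VALUE_RE = re.compile(r'^"?([^"=]+)"?=dword:([0-9a-fA-F]{8})$')

def parse_zone_map(reg_text):
    """Return (site, protocol, zone_number, zone_name) for each ZoneMap value."""
    entries, site = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key, site = line[1:-1], None
            idx = key.lower().find(DOMAINS_KEY.lower())
            if idx != -1:
                # Key path is domain[\subdomain]; show it as subdomain.domain.
                parts = key[idx + len(DOMAINS_KEY):].split("\\")
                site = ".".join(reversed(parts))
            continue
        m = VALUE_RE.match(line)
        if m and site:
            zone = int(m.group(2), 16)
            entries.append((site, m.group(1), zone, ZONES.get(zone, "unknown")))
    return entries

def trusted_entries(entries):
    """Entries mapped to zone 2, the case the alert claimed."""
    return [e for e in entries if e[2] == 2]

if __name__ == "__main__":
    for e in parse_zone_map(SAMPLE_REG):
        print("%s [%s] -> zone %d (%s)" % e)
```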