EV Upgrader operates on a very simple principle.
The site containing an EV SSL Certificate from VeriSign adds an invisible JavaScript™ link to one or more of its pages.
This link initiates a connection with a specific Web site that VeriSign has set up explicitly for this purpose. The address of that domain is https://extended-validationssl.verisign.com, and if you access it by typing that address into any Web browser, you'll simply see explanatory information on EV SSL Certificates.
What you don't see is that this site contains an SSL Certificate that chains up only to the new VeriSign EV root. This fact is exhibited in the behavior of pre-EV browsers, which will warn the user of the presence of an untrusted root should they access the site. When an IE7 browser connects with this page, it automatically downloads and installs this new root from the Microsoft® Root Store. The browser installs only the root required by the site to which it's connecting and no other roots
...
Certainly it would be possible for sites to install this JavaScript prompt directly onto their own pages. However, VeriSign makes it as easy as possible for online businesses to gain the full benefit of their EV certificates by building the functionality directly into the VeriSign Secured Seal. That means by simply installing the VeriSign Secured Seal on your Web site, you automatically add EV Upgrader and subsequently trigger root installation on all eligible client systems.
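Because the mechanism above depends on a page element that silently makes the visitor's browser open an HTTPS connection to another host, a site owner may want an inventory of every such host a page pulls in. The following is an added example, not VeriSign's code: the page URL, the sample markup, the `/placeholder.js` path and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute is fetched as the page loads.
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src"}

class ThirdPartyFetches(HTMLParser):
    """Record (tag, scheme, host) for every resource loaded from another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        target = urlsplit(urljoin(self.page_url, value))
        if target.hostname and target.hostname != self.page_host:
            self.found.append((tag, target.scheme, target.hostname))

def third_party_tls_hosts(page_url, html):
    """Hosts, other than the page's own, that the browser will contact over TLS."""
    parser = ThirdPartyFetches(page_url)
    parser.feed(html)
    parser.close()
    return sorted({host for _, scheme, host in parser.found if scheme == "https"})

# Constructed sample page; the script path on the VeriSign host is a placeholder.
PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><body>
  <script src="/js/app.js"></script>
  <script src="https://extended-validationssl.verisign.com/placeholder.js"></script>
  <script src="//cdn.example.net/lib.js"></script>
  <img src="http://img.example.org/pixel.gif" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for host in third_party_tls_hosts(PAGE_URL, SAMPLE_HTML):
        print(host)
```

Each host in the output is one whose certificate chain the visitor's browser will validate as a side effect of loading the page, which is exactly the behaviour the seal relies on.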