Content deleted Content added
Yappy2bhere (talk | contribs) Undid revision 1024219578 by LrdDimwit (talk) No grammatical error, and not a redundant.example. There is a punctuation error, and grammatical errors in the sentence that followed it. |
|||
Line 16:
== Concerns ==
The BHO [[application programming interface|API]] exposes [[hooking|hook]]s that allow the BHO to access the [[Document Object Model]] (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of [[malware]] have also been created as BHOs. One type of Malware that targets the page is [[C2.LOP]] For example, the [[Download.ject]] malware installs a BHO that would activate upon detecting a secure [[HTTP]] connection to a financial institution, [[keystroke logging|record the user's keystrokes]] (intending to capture passwords) and transmit the information to a website used by Russian [[computer crime|computer criminals]]. Other BHOs such as the [[MyWay Searchbar]] track users' browsing patterns and pass the information they record to third parties.
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.<ref>Computer Associates malware entry at [http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280 ca.com], retrieved 1/16/2009</ref> The [[DyFuCA]] spyware even replaces Internet Explorer's general error page with an ad page.
| |||