Editing Browser Helper Object
Appearance
![](http://upload.wikimedia.org/wikipedia/en/thumb/1/1d/Information_icon4.svg/20px-Information_icon4.svg.png)
Latest revision | Your text | ||
Line 18: | Line 18: | ||
The BHO [[application programming interface|API]] exposes [[hooking|hook]]s that allow the BHO to access the [[Document Object Model]] (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of [[malware]] (such as adware and spyware) have also been created as BHOs.<ref>{{Cite web|title=Browser Hijack Objects (BHOs)|url=https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/|access-date=2021-12-05|website=Malwarebytes Labs|language=en-US}}</ref><ref>{{Cite journal |last=Park |first=Beomsoo |last2=Hong |first2=Sungjin |last3=Oh |first3=Jaewook |last4=Lee |first4=Heejo |date=2005 |editor-last=Kantor |editor-first=Paul |editor2-last=Muresan |editor2-first=Gheorghe |editor3-last=Roberts |editor3-first=Fred |editor4-last=Zeng |editor4-first=Daniel D. |editor5-last=Wang |editor5-first=Fei-Yue |editor6-last=Chen |editor6-first=Hsinchun |editor7-last=Merkle |editor7-first=Ralph C. |title=Defending a Web Browser Against Spying with Browser Helper Objects |url=https://link.springer.com/chapter/10.1007/11427995_85 |journal=Intelligence and Security Informatics |series=Lecture Notes in Computer Science |language=en |location=Berlin, Heidelberg |publisher=Springer |pages=638–639 |doi=10.1007/11427995_85 |isbn=978-3-540-32063-0}}</ref> |
The BHO [[application programming interface|API]] exposes [[hooking|hook]]s that allow the BHO to access the [[Document Object Model]] (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of [[malware]] (such as adware and spyware) have also been created as BHOs.<ref>{{Cite web|title=Browser Hijack Objects (BHOs)|url=https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/|access-date=2021-12-05|website=Malwarebytes Labs|language=en-US}}</ref><ref>{{Cite journal |last=Park |first=Beomsoo |last2=Hong |first2=Sungjin |last3=Oh |first3=Jaewook |last4=Lee |first4=Heejo |date=2005 |editor-last=Kantor |editor-first=Paul |editor2-last=Muresan |editor2-first=Gheorghe |editor3-last=Roberts |editor3-first=Fred |editor4-last=Zeng |editor4-first=Daniel D. |editor5-last=Wang |editor5-first=Fei-Yue |editor6-last=Chen |editor6-first=Hsinchun |editor7-last=Merkle |editor7-first=Ralph C. |title=Defending a Web Browser Against Spying with Browser Helper Objects |url=https://link.springer.com/chapter/10.1007/11427995_85 |journal=Intelligence and Security Informatics |series=Lecture Notes in Computer Science |language=en |location=Berlin, Heidelberg |publisher=Springer |pages=638–639 |doi=10.1007/11427995_85 |isbn=978-3-540-32063-0}}</ref> |
||
For example, the [[Download.ject]] malware is a BHO that is activated when a secure [[HTTP]] connection is made to a financial institution, then begins to [[keystroke logging|record keystrokes]] for the purpose of capturing user passwords. The [[MyWay Searchbar]] tracks users' browsing patterns and passes the information it records to third parties. The [[C2.LOP]] malware adds links and popups of its own to web pages in order to drive users to [[pay-per-click]] websites.{{cn |
For example, the [[Download.ject]] malware is a BHO that is activated when a secure [[HTTP]] connection is made to a financial institution, then begins to [[keystroke logging|record keystrokes]] for the purpose of capturing user passwords. The [[MyWay Searchbar]] tracks users' browsing patterns and passes the information it records to third parties. The [[C2.LOP]] malware adds links and popups of its own to web pages in order to drive users to [[pay-per-click]] websites.{{cn}} |
||
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in [[Internet Explorer]] and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.<ref>Computer Associates malware entry at [http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280 ca.com], retrieved 1/16/2009</ref> |
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in [[Internet Explorer]] and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.<ref>Computer Associates malware entry at [http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280 ca.com], retrieved 1/16/2009</ref> |