Edit count of the user (user_editcount) | null |
Name of the user account (user_name) | '101.109.37.155' |
Age of the user account (user_age) | 0 |
Groups (including implicit) the user is in (user_groups) | [
0 => '*'
] |
Rights that the user has (user_rights) | [
0 => 'createaccount',
1 => 'read',
2 => 'edit',
3 => 'createtalk',
4 => 'writeapi',
5 => 'viewmywatchlist',
6 => 'editmywatchlist',
7 => 'viewmyprivateinfo',
8 => 'editmyprivateinfo',
9 => 'editmyoptions',
10 => 'abusefilter-log-detail',
11 => 'urlshortener-create-url',
12 => 'centralauth-merge',
13 => 'abusefilter-view',
14 => 'abusefilter-log',
15 => 'vipsscaler-test'
] |
Whether the user is editing from mobile app (user_app) | false |
Whether or not a user is editing through the mobile interface (user_mobile) | true |
Page ID (page_id) | 910726 |
Page namespace (page_namespace) | 0 |
Page title without namespace (page_title) | 'Browser Helper Object' |
Full page title (page_prefixedtitle) | 'Browser Helper Object' |
Edit protection level of the page (page_restrictions_edit) | [] |
Last ten users to contribute to the page (page_recent_contributors) | [
0 => '101.109.37.155',
1 => 'X201',
2 => 'WikiCleanerBot',
3 => 'Casademasa',
4 => 'Uzume',
5 => 'Satani',
6 => 'Novem Linguae',
7 => 'AnomieBOT',
8 => 'Yappy2bhere',
9 => 'LrdDimwit'
] |
Page age in seconds (page_age) | 557338896 |
Action (action) | 'edit' |
Edit summary/reason (summary) | '' |
Old content model (old_content_model) | 'wikitext' |
New content model (new_content_model) | 'wikitext' |
Old page wikitext, before the edit (old_wikitext) | '{{Short description|Plug-in module for Internet Explorer}}
[[File:Am addon manager.png|right|thumb|Add-on Manager from Windows XP SP2 Internet Explorer]]
{{Information security}}
A '''Browser Helper Object''' ('''BHO''') is a [[Library (computer science)|DLL]] [[Module (programming)|module]] designed as a [[Plug-in (computing)|plugin]] for the [[Microsoft]] [[Internet Explorer]] [[web browser]] to provide added functionality. BHOs were introduced in October 1997 with the release of [[Internet Explorer 4|version 4]] of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of [[Windows Explorer]], a new instance is launched for each window.
BHOs are still supported as of Windows 10, through [[Internet Explorer 11]], while BHOs are not supported in [[Microsoft Edge]].
== Implementation ==
Each time a new instance of Internet Explorer starts, it checks the [[Windows Registry]] for the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects''. If Internet Explorer finds this key in the registry, it looks for a [[Universally unique identifier#In COM|CLSID]] key listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. Removing the registry key prevents the BHO from being loaded. For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start the instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer. BHOs can be created in any language that supports [[Component Object Model|COM]].<ref>Roberts Scott, ''Programming Microsoft Internet Explorer 5'', Microsoft Press, 1999, {{ISBN|0-7356-0781-8}}</ref>
Example
== Concerns ==
The BHO [[application programming interface|API]] exposes [[hooking|hook]]s that allow the BHO to access the [[Document Object Model]] (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of [[malware]] have also been created as BHOs.<ref>{{Cite web|title=Browser Hijack Objects (BHOs)|url=https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/|access-date=2021-12-05|website=Malwarebytes Labs|language=en-US}}</ref>
For example, the [[Download.ject]] malware is a BHO that is activated when a secure [[HTTP]] connection is made to a financial institution, then begins to [[keystroke logging|record keystrokes]] for the purpose of capturing user passwords. The [[MyWay Searchbar]] tracks users' browsing patterns and passes the information it records to third parties. The [[C2.LOP]] malware adds links and popups of its own to web pages in order to drive users to [[pay-per-click]] websites.{{cn|date=May 2021}}
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.<ref>Computer Associates malware entry at [http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280 ca.com], retrieved 1/16/2009</ref> The [[DyFuCA]] spyware even replaces Internet Explorer's general error page with an ad page.
In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft debuted an ''Add-on Manager'' in [[Internet Explorer 6]] with the release of [[Windows XP#Service Pack 2|Service Pack 2]] for [[Windows XP]] (updating it to IE6 Security Version 1, a.k.a. SP2). This utility displays a list of all installed BHOs, [[browser extension]]s and [[ActiveX control]]s, and allows the user to enable or disable them at will. There are also free tools (such as BHODemon) that list installed BHOs and allow the user to disable malicious extensions. [[Spybot – Search & Destroy|Spybot S&D]] advanced mode has a similar tool built in to allow the user to disable installed BHOs.
Financial' |
New page wikitext, after the edit (new_wikitext) | '{{Short description|Plug-in module for Internet Explorer}}
[[File:Am addon manager.png|right|thumb|Add-on Manager from Windows XP SP2 Internet Explorer]]
{{Information security}}
A '''Browser Helper Object''' ('''BHO''') is a [[Library (computer science)|DLL]] [[Module (programming)|module]] designed as a [[Plug-in (computing)|plugin]] for the [[Microsoft]] [[Internet Explorer]] [[web browser]] to provide added functionality. BHOs were introduced in October 1997 with the release of [[Internet Explorer 4|version 4]] of Internet Explorer. Most BHOs are loaded once by each new instance of Internet Explorer. However, in the case of [[Windows Explorer]], a new instance is launched for each window.
BHOs are still supported as of Windows 10, through [[Internet Explorer 11]], while BHOs are not supported in [[Microsoft Edge]].
== Concerns ==
The BHO [[application programming interface|API]] exposes [[hooking|hook]]s that allow the BHO to access the [[Document Object Model]] (DOM) of the current page and to control navigation. Because BHOs have unrestricted access to the Internet Explorer event model, some forms of [[malware]] have also been created as BHOs.<ref>{{Cite web|title=Browser Hijack Objects (BHOs)|url=https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/|access-date=2021-12-05|website=Malwarebytes Labs|language=en-US}}</ref>
For example, the [[Download.ject]] malware is a BHO that is activated when a secure [[HTTP]] connection is made to a financial institution, then begins to [[keystroke logging|record keystrokes]] for the purpose of capturing user passwords. The [[MyWay Searchbar]] tracks users' browsing patterns and passes the information it records to third parties. The [[C2.LOP]] malware adds links and popups of its own to web pages in order to drive users to [[pay-per-click]] websites.{{cn|date=May 2021}}
Many BHOs introduce visible changes to a browser's interface, such as installing toolbars in Internet Explorer and the like, but others run without any change to the interface. This renders it easy for malicious coders to conceal the actions of their browser add-on, especially since, after being installed, the BHO seldom requires permission before performing further actions. For instance, variants of the ClSpring trojan use BHOs to install scripts to provide a number of instructions to be performed such as adding and deleting registry values and downloading additional executable files, all completely transparently to the user.<ref>Computer Associates malware entry at [http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280 ca.com], retrieved 1/16/2009</ref> The [[DyFuCA]] spyware even replaces Internet Explorer's general error page with an ad page.
In response to the problems associated with BHOs and similar extensions to Internet Explorer, Microsoft debuted an ''Add-on Manager'' in [[Internet Explorer 6]] with the release of [[Windows XP#Service Pack 2|Service Pack 2]] for [[Windows XP]] (updating it to IE6 Security Version 1, a.k.a. SP2). This utility displays a list of all installed BHOs, [[browser extension]]s and [[ActiveX control]]s, and allows the user to enable or disable them at will. There are also free tools (such as BHODemon) that list installed BHOs and allow the user to disable malicious extensions. [[Spybot – Search & Destroy|Spybot S&D]] advanced mode has a similar tool built in to allow the user to disable installed BHOs.
Financial' |
Unified diff of changes made by edit (edit_diff) | '@@ -5,9 +5,4 @@
BHOs are still supported as of Windows 10, through [[Internet Explorer 11]], while BHOs are not supported in [[Microsoft Edge]].
-
-== Implementation ==
-Each time a new instance of Internet Explorer starts, it checks the [[Windows Registry]] for the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects''. If Internet Explorer finds this key in the registry, it looks for a [[Universally unique identifier#In COM|CLSID]] key listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. Removing the registry key prevents the BHO from being loaded. For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start the instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer. BHOs can be created in any language that supports [[Component Object Model|COM]].<ref>Roberts Scott, ''Programming Microsoft Internet Explorer 5'', Microsoft Press, 1999, {{ISBN|0-7356-0781-8}}</ref>
-
-Example
== Concerns ==
' |
New page size (new_size) | 3457 |
Old page size (old_size) | 4462 |
Size change in edit (edit_delta) | -1005 |
Lines added in edit (added_lines) | [] |
Lines removed in edit (removed_lines) | [
0 => '',
1 => '== Implementation ==',
2 => 'Each time a new instance of Internet Explorer starts, it checks the [[Windows Registry]] for the key ''HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects''. If Internet Explorer finds this key in the registry, it looks for a [[Universally unique identifier#In COM|CLSID]] key listed below the key. The CLSID keys under Browser Helper Objects tell the browser which BHOs to load. Removing the registry key prevents the BHO from being loaded. For each CLSID that is listed below the BHO key, Internet Explorer calls CoCreateInstance to start the instance of the BHO in the same process space as the browser. If the BHO is started and implements the IObjectWithSite interface, it can control and receive events from Internet Explorer. BHOs can be created in any language that supports [[Component Object Model|COM]].<ref>Roberts Scott, ''Programming Microsoft Internet Explorer 5'', Microsoft Press, 1999, {{ISBN|0-7356-0781-8}}</ref>',
3 => '',
4 => 'Example'
] |
All external links added in the edit (added_links) | [] |
All external links removed in the edit (removed_links) | [] |
All external links in the new text (all_links) | [
0 => 'https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/',
1 => 'http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280'
] |
Links in the page, before the edit (old_links) | [
0 => 'http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=42280',
1 => 'https://blog.malwarebytes.com/threats/browser-hijack-objects-bhos/'
] |
Whether or not the change was made through a Tor exit node (tor_exit_node) | false |
Unix timestamp of change (timestamp) | 1650212906 |
