In our previous post on BHOs, we discussed the basics. Today we're going to wrap up our overview of Browser Helper Objects with a look at BHOs and security, as well as similarities between BHOs and Shell Extensions. A BHO is an extension to Internet Explorer that adds customization and functionality. The APIs used by Browser Helper Objects expose hooks that allow them to access the Document Object Model (DOM) of the current page and to control navigation. Because of this access, malware has been created in the form of Browser Helper Objects.
For example, the Download.ject exploit installed a BHO that would activate upon detecting a secure HTTP connection to a financial institution, record the user's keystrokes (intending to capture passwords) and transmit the information to a website used by Russian computer criminals. Other BHOs, such as the MyWay Searchbar, track users' browsing patterns and pass the information they record to third parties. Although many BHOs install toolbars in Internet Explorer, there is no requirement that a BHO have a user interface. It is therefore possible for a user not to know that a malicious BHO is installed on an unprotected machine.
Since a BHO does not need permission to install additional components, malicious programs and spyware may be spread without the user's knowledge. Since writing a BHO is fairly simple, many poorly written BHOs may harm the computer, compromise its security and may even destroy valuable data or corrupt system files. That having been said, there are many good anti-spyware programs available that will monitor a computer for suspicious or harmful activity, including BHO activity. You can also use the Add-On manager in Internet Explorer to list which BHOs are installed and to enable or disable BHOs as needed.
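
Because a BHO needs no user interface, it also helps to list what is registered without relying on anything the add-on chooses to show. The following read-only audit script is an added example, not code from the original post; it assumes the standard machine-wide BHO registration keys (which the post does not name) and a 64-bit PowerShell session on 64-bit Windows.

```powershell
# Read-only audit of registered Browser Helper Objects (added example).
# Assumption: BHOs are registered under the standard HKLM keys below;
# the post itself does not name these locations.
$views = @(
    @{ Bitness = '64-bit'
       Bho     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid   = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bitness = '32-bit'
       Bho     = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid   = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
)

$report = foreach ($view in $views) {
    # The WOW6432Node view does not exist on 32-bit Windows.
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

    foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $entry.PSChildName          # each subkey name is a COM CLSID
        $comKey = Join-Path $view.Clsid $clsid
        $name = $null; $dll = $null; $sig = $null

        if (Test-Path -LiteralPath $comKey) {
            $name = (Get-Item -LiteralPath $comKey).GetValue('')   # friendly name
        }
        $serverKey = Join-Path $comKey 'InprocServer32'
        if (Test-Path -LiteralPath $serverKey) {
            # Default value of InprocServer32 is the DLL loaded into the browser.
            $dll = ([string](Get-Item -LiteralPath $serverKey).GetValue('')).Trim('"')
        }
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $dll
        }

        [pscustomobject]@{
            Bitness   = $view.Bitness
            Clsid     = $clsid
            Name      = $name
            Dll       = $dll
            Signature = if ($sig) { $sig.Status } else { 'DllMissing' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        }
    }
}

# Unsigned, invalidly signed, or orphaned entries are the ones to review first.
$report | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

Entries whose DLL is missing, unsigned, or located in a user-writable directory deserve a closer look before being left enabled in the Add-On manager.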
- MSDN: Browser Helper Objects: The Browser the Way You Want It
- IE Browser Helper Objects - Steven M. Cohn's WebLog