|
|
|
|
| |
"Internet Explorer is just like any other Win32-based program with its own memory space to preserve. With Browser Helper Objects you can write components specifically, in-process Component Object Model (COM) components that Internet Explorer will load each time it starts up. Such objects run in the same memory context as the browser and can perform any action on the available windows and modules. For example, a BHO could detect the browser's typical events, such as GoBack, GoForward, and DocumentComplete; access the browser's menu and toolbar and make changes; create windows to display additional information on the currently viewed page; and install hooks to monitor messages and actions. In short, a BHO works as a spy sent to infiltrate the browser's land."
Due to the way BHO works, it is possible to use it to send possibly sensitive information via the coperate Firewall in a covert maner. |
| |
Credit:
Information supplied by Liu Die Yu.
All mentioned resources can be found at http://umbrella.mx.tc
A BHO guide from Microsoft: Controlling Internet Explorer 4.0 with Browser Helper Objects
For more information on BHO: Browser Helper Objects: The Browser the Way You Want It.
|
| |
BHO is a great way to send information to the Internet under the name of IEXPLORER:
When IEXPLORER is started, our BHO opens a new MSIE window via the script command ("window.open"). That new IE window will also be controlled by our BHO. We then hide this new window. Then the hidden window can be used to send information out by utilizing simple HTML form information posting.
Of course, this trick can also be used to receive commands from a Trojan planter.
Example:
A BHO sample that pops up a window whenever MSIE is started and show all the events (source code included): http://www.euromind.com/iedelphi/ie5tools/bho.htm
|
|
|
|
|
