Toolbars are software extensions that are visible in the GUI of the host program. In the case of PUPs, the host program is usually a browser. The visible part of the toolbar can vary from one extra button added to the browser's own taskbar to a bar spanning the full width of the top of the browser window.
A registry cleaner, also known as registry optimizer or registry defragmenter, is a program that claims to clean the computer’s registry in order to optimize the system’s performance. It is usually free.
Many favor downloading, installing, and running this type of program because they swear by the improved capabilities observed after the registry is cleaned. However, researchers claim that this perceived improvement can only be a form of placebo effect.
Commercial keyloggers are applications designed to harvest user interactions with a computer. These interactions include the capture of keystrokes, usernames and passwords, screenshots, collection of images and sound from the microphone/camera, printed documents, browser history, emails, chat logs, and more. Commercial keyloggers are similar to Infostealers in their ability to covertly collect user information, but differ in the fact that these programs can be obtained with a legitimate license through legal means. Commercial keyloggers are often marketed toward concerned spouses/parents who wish to monitor usage of a home PC, corporate IT/security teams maintaining DLP protocols, and auditors checking for conformity to policy.
Commercial keyloggers are often polished applications featuring huge selections of monitoring and stealth capabilities to assist users in maintaining a long-term presence. Due to the low cost and vast availability of these types of applications, commercial keyloggers have long been a preferred choice for criminals seeking a low barrier of entry for identity theft and fraud activities.
Browser Helper Objects (BHOs) are add-ons or plugins designed for Microsoft's Internet Explorer (IE). They allow COM objects to be written that load with the browser (both IE and Windows Explorer), and were intended as a means to enhance the functionality of the browser. Their first use was to add toolbars to the browser windows.
Although these objects are usually dll files, we have also seen dat and exe files. The unrestricted access that BHOs have by design to IE's Document Object Model makes them a powerful tool in the hands of attackers. In the Windows registry, BHOs are registered by globally unique identifiers called CLSIDs under the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects. There the CLSIDs are sub-keys that enumerate the BHOs in use on that system.
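A read-only audit of that registry key, as an added example that is not part of the original page: it lists each registered BHO CLSID, resolves it to the file on disk, and reports the file type and Authenticode status. The WOW6432Node (32-bit) view and the lookup through HKEY_CLASSES_ROOT\CLSID\<CLSID>\InprocServer32 are assumptions beyond what the page states.

```powershell
# Added example: enumerate registered BHOs and the files behind them (read-only).
$bhoKeys = @(
    # Key named on the page
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # Assumption beyond the page: 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$results = foreach ($key in $bhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # COM class registrations live in the matching view of HKEY_CLASSES_ROOT
    $clsidRoot = if ($key -like '*WOW6432Node*') {
        'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
    } else {
        'Registry::HKEY_CLASSES_ROOT\CLSID'
    }

    foreach ($sub in Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue) {
        $clsid  = $sub.PSChildName   # each sub-key name is one BHO's CLSID
        $class  = Get-Item -LiteralPath "$clsidRoot\$clsid" -ErrorAction SilentlyContinue
        $server = Get-Item -LiteralPath "$clsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue

        # GetValue('') reads the key's default value; a missing key means an orphaned entry
        $name = if ($class)  { $class.GetValue('') }
        $file = if ($server) { "$($server.GetValue(''))".Trim('"') }

        $onDisk = [bool]($file -and (Test-Path -LiteralPath $file -PathType Leaf))
        $sig    = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $file).Status } else { 'n/a' }
        $ext    = if ($file) { [IO.Path]::GetExtension($file).ToLower() } else { '' }

        [pscustomobject]@{
            CLSID     = $clsid
            Name      = $name
            File      = $file
            Exists    = $onDisk
            # The page notes BHOs are usually dll files; other types deserve a closer look
            NotDll    = ($ext -ne '.dll')
            Signature = $sig
        }
    }
}

# Unusual file types, missing files and unsigned binaries sort to the top for review
$results | Sort-Object @{ Expression = 'NotDll'; Descending = $true }, Exists, Signature |
    Format-Table -AutoSize -Wrap
```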
Browser extensions are computer programs that add functionality to existing browsers. They come in as many kinds (and more) as there are browsers.
Internet Explorer distinguishes between toolbars and browser helper objects (BHOs). Other browsers like Firefox, Chrome, Opera, and Safari call them add-ons or simply extensions.
For PUPs, the economically most interesting browsers are the most popular ones, e.g. Chrome, Firefox, and Internet Explorer.