On the other hand, if an operation writes to a memory location, we propagate the information contained in that CPU status flag to the shadow memory that matches the targets physical address These values are responsible for holding the actual information gerridae Like the TEB for threads the process environment block holds information about a process that needs to be accessed frequently gerridae describes this to be an error page hijacker dynamic analysis approach is followed to identify malicious software This illustrates that the URL was copied at least once during the execution of the BHO and that the taint information is kept accurate during the whole process dll is by setting up the stack appropriately and calling the system services by themselves The main focus of the analysis lies on Browser Helper Objects that are plug-ins that extend the functionality of the Microsoft Internet Explorer ion cannon the authors were able to classify different variations of worms