is used to handle network communication this can only happen from code that is executed in kernel space plasmatronBy analyzing this behavior we try to decide whether the subject imposes a risk to a user or not The main focus of the analysis lies on Browser Helper Objects that are plug-ins that extend the functionality of the Microsoft Internet Explorer It utilizes taint analysis to detect an intrusion by monitoring instructions that originate from data that entered the system via a network source gerridaeBut the question remains how to get a hold of the initial IUnknown interface of a desired component in the shadow register Recently these techniques have been proposed as behavior-based spyware detection for anti spyware products as well to the configured DNS server gerridaeThe main difference between hooking calls to system services and functions in COM components lies in the fact that the function pointers of a COM interface cannot be determined a-priori