The following is pulled straight from GRC. I have highlighted some areas for pertinence.
This site has been most well-known for its FREE ShieldsUP! Internet security test. Crucial as it is to protect yourself from malicious hackers outside, those bad guys represent only half of the threat. The Internet has proven to be an extremely fertile transportation medium for all manner of nasty Trojan horse programs, rapidly proliferating viruses, and privacy invading commercial spyware. As a result, it is no longer true that all of the potential problems reside outside the computer.
Not only must our Internet connections be fortified to prevent external intrusion, they also provide secure management of internal extrusion. Any comprehensive security program must safeguard its owner by preventing Trojan horses, viruses, and spyware from using the system’s Internet connection without the owner’s knowledge. Scanning for the presence of Trojans, viruses, and spyware is important and effective, but if a piece of malware does get into your computer you want to expose it immediately by detecting its communication attempts and cut it off from communication with its external agencies.
Ensure that your PC's personal firewall can not be easily fooled by malicious "Trojan" programs or viruses. Thanks to this first version of LeakTest, most personal firewalls are now safe from such simple exploitation.
The majority of leaktests emulate some sort of trojan or other malware activity. This is different than a legitimate application wanting to connect to the internet for the purpose of updates or otherwise “phone home.” However undesired that may be, it is somewhat legit, and the application is doing it by itself. Leaktests, as well as trojans and other malware, attempt to hijack other applications or system resources in order to gain access to the internet; they are not capable of such a connection by themselves. The idea being that if they could direct-connect, they’d be easier to spot; thus, they try to hide within the context of another, more legit application.
In this case, it’s trying to hijack the browser. A rough idea of the process. Browser is running, connected to the internet. Leaktest is downloaded and run. On execution, Leaktest tries to inject its code into the browser. If it is successful, this injection will attempt to access the browser’s internet connection to use for its own purpose (such as to contact GRC to verify the leak). So the injection of code comes before (even if only nanoseconds) the connection hijack. This is how it emulates trojan activity.
Hope that helps,
PS: Not all leaktests will trigger BOC. CPIL and PCFlank are two I know of that don’t. There are also other specific anti-trojan tests (that would be more akin, IMO, to the eicar test), such as TrojanSimulator.
PPS: Some users have posted that while trying to even download various test files like this, their AV kicks it out. At least BOC waited until you ran it…
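Added example, not part of the original post or of GRC's text: a small Python model of the sequence described above, showing why a filter that only checks which process opens the connection lets the hijacked browser through, while one that also tracks the earlier injection does not. The event fields, process names and hosts are constructed for illustration and do not represent any particular firewall's logic.

```python
# Added illustration. Event fields, process names and hosts are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    t: float     # seconds since the sample starts
    kind: str    # "inject" (actor writes code into target) or "connect"
    actor: str   # process performing the action
    target: str  # injected process, or remote host for "connect"

ALLOWED_APPS = {"browser.exe"}  # the user's per-application allow rule

def app_rule_filter(events):
    """Judge each connection only by which process opens the socket."""
    return [(e.actor, e.target, "allow" if e.actor in ALLOWED_APPS else "block")
            for e in sorted(events, key=lambda e: e.t) if e.kind == "connect"]

def injection_aware_filter(events):
    """Same rule, but a process that received foreign code loses its trust."""
    tainted = {}  # injected process -> process that injected into it
    verdicts = []
    for e in sorted(events, key=lambda e: e.t):
        if e.kind == "inject":
            tainted[e.target] = e.actor
        elif e.kind == "connect":
            if e.actor in tainted:
                verdict = "block: code injected by " + tainted[e.actor]
            elif e.actor in ALLOWED_APPS:
                verdict = "allow"
            else:
                verdict = "block"
            verdicts.append((e.actor, e.target, verdict))
    return verdicts

EVENTS = [  # constructed sample, following the sequence in the post
    Event(1.000, "connect", "browser.exe", "news.example"),
    Event(2.000, "connect", "leaktest.exe", "results.example"),  # direct attempt
    Event(3.000, "inject", "leaktest.exe", "browser.exe"),
    Event(3.001, "connect", "browser.exe", "results.example"),   # hijacked
]

if __name__ == "__main__":
    for name, f in (("app rule", app_rule_filter),
                    ("injection aware", injection_aware_filter)):
        for verdict in f(EVENTS):
            print(name, verdict)
```

The direct attempt is blocked by both filters; only the injection-aware one stops the connection made through the browser, because the injection event comes first in the timeline.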