Form Grabber
Encyclopedia
Form grabbing is an advanced (Crimeware
-based) method of capturing web form data within various browsers. Often confused with traditional keylogging (recording individual keystrokes), this method intercepts the on submit API in browsers and collects web form data before it passes over the internet. Other methods of form grabbing function similarly using a web browser add on or malicious toolbar to automatically read the information in log in forms when the client submits it. This type of method is very effective in recording online banking passwords and other sensitive data because it only records log in, password, IP address
, URL and other form fields based on what the attacker specifies. This is a growing type of computer-based security attack.
The most used form grabber is Zeus
. The first versions were sold in 2007 and since then it has grown to a share of almost 90% of all password stealing trojans. Its biggest rival is Spy-Eye which started as a cheaper alternative to Zeus but stopped being sold in public in late 2009.
Form grabbing was invented in 2003 with the Berbew Trojan believed to be created by Smash.
Crimeware
Crimeware is a class of malware designed specifically to automate cybercrime. The term was coined by Peter Cassidy, Secretary General of the Anti-Phishing Working Group to distinguish it from other kinds of malevolent programs...
-based) method of capturing web form data within various browsers. Often confused with traditional keylogging (recording individual keystrokes), this method intercepts the on submit API in browsers and collects web form data before it passes over the internet. Other methods of form grabbing function similarly using a web browser add on or malicious toolbar to automatically read the information in log in forms when the client submits it. This type of method is very effective in recording online banking passwords and other sensitive data because it only records log in, password, IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
, URL and other form fields based on what the attacker specifies. This is a growing type of computer-based security attack.
The most used form grabber is Zeus
Zeus (trojan horse)
Zeus is a Trojan horse that steals banking information by keystroke logging and Form Grabbing. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became...
. The first versions were sold in 2007 and since then it has grown to a share of almost 90% of all password stealing trojans. Its biggest rival is Spy-Eye which started as a cheaper alternative to Zeus but stopped being sold in public in late 2009.
Form grabbing was invented in 2003 with the Berbew Trojan believed to be created by Smash.