Form Grabbing

In the growing world of cyber crime, new methods are created and used for espionage, financial theft (fraud), and even cyber warfare. The term form grabbing refers to a method of capturing web form data within browsers. It may be confusing to contrast the differences between form grabbing and traditional keylogging, but a keylogger records all individual keystrokes by hooking into the keyboard APIs or even acting as a keyboard device driver. Keylogging method will soon be replaced by advanced form grabbing techniques because a criminal interested in your credit card and bank account does not want to read countless logs of facebook conversations. Form grabbing malware logs web form submissions by recording onsubmit event functions in a web browser, which even bypasses HTTPS encryption.The method was invented in 2003 by the developer of the Berbew Trojan (, but made popular by the infamous banking trojan called Zeus in 2007. The first advancement with the form grabbing module was that Zeus in the early versions had the ability to detect the form data that was grabbed and determined whether the information is useful to the cyber criminal and even the website that the data was submitted. This allows the form grabber to be more effective in stealing sensitive information. Another banking trojan, SpyEye, (which is a rival malware of Zeus) developed web injects, which “injected” forms into websites to trick the user in entering information such as pin numbers and even social security numbers. Web injects were also adopted in the later versions of Zeus and new underground markets emerged for effective web injects to many popular websites such as Ebay and PayPal.

Enhanced by Zemanta