Form grabbing is an advanced (crimeware-based) method of capturing Web form data within various browsers. Often confused with traditional keylogging (recording individual keystrokes), this method intercepts the on submit API in browsers and collects web form data before it passes over the Internet. Other methods of form grabbing function similarly using a Web browser add-on or malicious toolbar to automatically read the information in log in forms when the client submits it. This type of method is very effective in recording online banking passwords and other sensitive data because it only records log in, password, IP address, URL and other form fields based on what the attacker specifies. This is a growing type of computer-based security attack.
Form grabbing was invented in 2003 with the Berbew Trojan believed to be created by Smash.
References [edit]
