Form grabbing
   HOME

TheInfoList



Click Here for Items Related To - Form grabbing
OR:
Form grabbing on:   [Wikipedia]   [Google]   [Amazon]

Form grabbing is a form of
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
that works by retrieving authorization and log-in credentials from a web data form before it is passed over the Internet to a secure server. This allows the
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
to avoid HTTPS
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can d ...
. This method is more effective than keylogger software because it will acquire the user’s credentials even if they are input using virtual keyboard, auto-fill, or copy and paste."Capturing Online Passwords and Antivirus."
Web log post. Business Information Technology Services, 24 July 2013. It can then sort the information based on its variable names, such as
email Electronic mail (email or e-mail) is a method of exchanging messages ("mail") between people using electronic devices. Email was thus conceived as the electronic ( digital) version of, or counterpart to, mail, at a time when "mail" mean ...
, account name, and
password A password, sometimes called a passcode (for example in Apple devices), is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of ...
. Additionally, the form grabber will log the URL and title of the website the data was gathered from.Graham, James, Richard Howard, and Ryan Olson. Cyber Security Essentials. Auerbach Publications, 2011. Print.


History

The method was invented in 2003 by the developer of a variant of a
trojan horse The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
called Downloader.Barbew, which attempts to download Backdoor.Barbew from the Internet and bring it over to the local system for execution. However, it was not popularized as a well known type of
malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
attack until the emergence of the infamous banking trojan
Zeus Zeus or , , ; grc, Δῐός, ''Diós'', label= genitive Boeotian Aeolic and Laconian grc-dor, Δεύς, Deús ; grc, Δέος, ''Déos'', label= genitive el, Δίας, ''Días'' () is the sky and thunder god in ancient Greek relig ...
in 2007. Zeus was used to steal banking information by man-in-the-browser
keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...
and form grabbing. Like Zeus, the Barbew trojan was initially spammed to large numbers of individuals through e-mails masquerading as big-name banking companies. Form grabbing as a method first advanced through iterations of Zeus that allowed the module to not only detect the grabbed form data but to also determine how useful the information taken was. In later versions, the form grabber was also privy to the website where the actual data was submitted, leaving sensitive information more vulnerable than before.


Known occurrences

A trojan known as Tinba ( Tiny Banker Trojan) has been built with form grabbing and is able to steal online banking credentials and was first discovered in 2012. Another program called Weyland-Yutani BOT was the first software designed to attack the
macOS macOS (; previously OS X and originally Mac OS X) is a Unix operating system developed and marketed by Apple Inc. since 2001. It is the primary operating system for Apple's Mac computers. Within the market of desktop and la ...
platform and can work on
Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current ...
. The web injects templates in Weyland-Yutani BOT were different from existing ones such as
Zeus Zeus or , , ; grc, Δῐός, ''Diós'', label= genitive Boeotian Aeolic and Laconian grc-dor, Δεύς, Deús ; grc, Δέος, ''Déos'', label= genitive el, Δίας, ''Días'' () is the sky and thunder god in ancient Greek relig ...
and
SpyEye SpyEye is a malware program that attacks users running Google Chrome, Opera, Firefox and Internet Explorer on Microsoft Windows operating systems. This malware uses keystroke logging and form grabbing to steal user credentials for malicious use. ...
. Another known version is British Airways breach in September 2018. In the British Airways’ case, the organizations’ servers appeared to have been compromised directly, with the attackers modifying one of the JavaScript files (Modernizr JavaScript library, version 2.6.2) to include a PII/credit card logging script that would grab the payment information and send the information to the server controlled by the attacker hosted on “ om” domain with an SSL certificate issued by “Comodo” Certificate Authority. The British Airways mobile application also loads a webpage built with the same CSS and JavaScript components as the main website, including the malicious script installed by Magecart. Thus, the payments made using the British Airways mobile app were also affected.


Countermeasures

Due to the recent increase in keylogging and form grabbing,
antivirus Antivirus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. Antivirus software was originally developed to detect and remove computer viruses, hence the nam ...
companies are adding additional protection to counter the efforts of key-loggers and prevent collecting passwords. These efforts have taken different forms varying from antivirus companies, such as safepay, password manager, and others. To further counter form grabbing, users' privileges can become limited which would prevent them from installing
Browser Helper Object A Browser Helper Object (BHO) is a DLL module designed as a plugin for the Microsoft Internet Explorer web browser to provide added functionality. BHOs were introduced in October 1997 with the release of version 4 of Internet Explorer. Most ...
s (BHOs) and other form grabbing software. Administrators should create a list of malicious servers to their firewalls. New countermeasures, such as using Out-of-band communication, to circumvent form grabbers and Man-in-the-browser are also emerging; examples include FormL3SS.; those that circumvent the threat use a different communication channel to send the sensitive data to the trusted server. Thus, no information is entered on the compromised device. Alternative Initiatives such a
Fidelius
use added hardware to protect the input/output to the compromised or believed compromised device.


See also

*
Keystroke logging Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored ...
*
Malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...
*
Trojan horse The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
* Web security exploits * Computer insecurity *
Internet privacy Internet privacy involves the right or mandate of personal privacy concerning the storing, re-purposing, provision to third parties, and displaying of information pertaining to oneself via Internet. Internet privacy is a subset of data privacy. Pr ...
* Tiny Banker Trojan


References

{{Malware Hacking (computer security) Types of malware Web security exploits