|
Form grabbing is a form of malware that works by retrieving authorization and log-in credentials from a web data form before it is passed over the Internet to a secure server. This allows the malware to avoid HTTPS encryption. This method is more effective than keylogger software because it will acquire the user’s credentials even if they are inputted using virtual keyboard, auto-fill, or copy and paste.〔("Capturing Online Passwords and Antivirus." ) Web log post. Business Information Technology Services, 24 July 2013.〕 It can then sort the information based on its variable names, such as e-mail, account name, and password. Additionally, the form grabber will log the URL and title of the website the data was gathered from.〔Graham, James, Richard Howard, and Ryan Olson. Cyber Security Essentials. Auerbach Publications, 2011. Print.〕 ==History== The method was invented in 2003 by the developer of a variant of a Trojan Horse virus called Downloader.Barbew, which attempts to download Backdoor.Barbew from the Internet and bring it over to the local system for execution. However, it was not popularized as a well-known type of malware attack until the emergence of the infamous banking Trojan, Zeus, in 2007.〔 *Shevchenko, Sergei. ("Downloader.Berbew." ) Symantec, 13 Feb. 2007.〕 Zeus was used to steal banking information by man-in-the-browser keystroke logging and form grabbing. Like Zeus, the Barbew Trojan was initially spammed to large numbers of individuals through e-mails masquerading as big-name banking companies.〔 *Abrams, Lawrence. ("CryptoLocker Ransomware Information Guide and FAQ." ) Bleeding Computers. 20 Dec. 2013.〕 Form grabbing as a method first advanced through iterations of Zeus that allowed the module to not only detect the grabbed form data but to also determine how useful the information taken was. In later versions, the form grabber was also privy to the website where the actual data was submitted, leaving sensitive information more vulnerable than before.〔 *("Form Grabbing." ) Web log post. Rochester Institute of Technology, 10 Sept. 2011.〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「form grabbing」の詳細全文を読む スポンサード リンク
|