Thursday, May 10, 2012

inlinedetours

Yop,

Trojans like Zeus employ API hooking on a per-process basis, which effectively amounts to a user-land rootkit: every call to the detoured API triggers user-defined pre-/post-handlers. For example, a form-grabber could detour Firefox's PR_Write (the NSPR I/O call that the SSL layer sits on top of), thereby 'owning' Firefox traffic in plaintext, before it is encrypted. It goes without saying that the sniffed traffic could be sensitive banking data (credit-card numbers, etc.) being submitted on your behalf by your browser. How? Well, see some code here.

BTW, there are 'ethical' uses of hooking too, say in Winsock LSPs (Layered Service Providers), parental-control software (for example, you could intercept outgoing HTTP requests, then scrape the headers and body for porn-related words), debuggers, anti-virus tools, and many more.

On Windows there are lots of fine ways to go about hooking (Mhook, Microsoft Detours, etc.). My inlinedetours C++ project is yet another 'detours' endeavour worth looking at.

Give me feedback.
-d0p