As part of trying to describe the threat posed by spyware and how to mitigate it I've been looking for information on how the various common spyware trojans currently in the wild capture password data. My best guess is that they either log keystrokes, intercept browser submissions or intercept GUI messages.
I'd like some more definitive information though and haven't been able to find it. Where would I find this sort of analysis?