Asissoft's release of Sudden Attack (http://suddenattack.asiasoftsea.net/) is a trojan and is collecting Windows passwords.
It works by preventing a user from logging into his/her PC, then providing an form to fill in a password and user name field, which if filled in correctly, will allow access to the user's machine. What its doing is of course well known subterfuge but the business world seems very unaware of the issues and costs, maybe rightly so.
A probably more overt proponent of this method of controlling and obtaining information from unsuspecting users is a company called LogMeIn (www.logmein.com). The simply ask for your passwords over the internet.
Since everyone is doing it, I guess they may as well.