A malicious item of code that exploits unpatched security flaws in Internet Explorer to intercept online banking passwords has been found on Web pop-up ads.
The malware, which has been identified by the Sans Institute, is programmed to pass on data from secure sessions between user PCs and the urls of up to 50 banking Websites worldwide. The trojan grabs any oubound data from within IE before it is encrypted by SSL and feeds it back to a Web server in Estonia.
The file is automatically dowloaded to user PCs under the guise of a compressed image from pop up ads delivered by third party Web servers that appear to have been hacked.
Sans analyst Tom Liston comments: "I believe that this particular type of malware represents a huge threat to the online financial industry. As the proliferation of ad/spyware shows, installing executable software on user’s machines is far too easy."
The latest warning comes less than a week after it was discovered that certain Web sites running Microsoft Internet Information Server 5.0 had been hacked and programmed to install similar keylogging spyware on passing browsers.
Both scams exploit an as yet unpatched flaw in Microsoft's Internet Explorer Web browser. Web surfers are being advised to switch to alternative browsers such as Mozilla and Opera until Microsoft releases a new set of patches.