US online security services firm Panda Software is warning of the spread of a Trojan called Bancos.GW that has been designed to steal online banking passwords from infected computers.
Panda says the Trojan is installed on a computer when a user visits certain "underground" Web sites or sites with adult content.
Once installed the Trojan monitors a users' Internet activity. If they enter certain keywords related to online banking portals - which are registered in this malware's code - or visit the websites of certain international banks, it displays a pop-up message that appears to be a warning from the bank. The pop-up claims to be part of the bank's secure identification system (SSL) and asks for registration and identification details which, if entered, are sent to a remote server.
Luis Corrons, director of PandaLabs, says this version of the Trojan is yet another attempt to steal online banking details: "The constant development of new versions makes us think that the authors of these malicious code do not always get what they want. Therefore, PandaLabs urges uses to ignore any e-mail messages or pop-up messages asking for confidential information that seem to have been sent by banks, as they are almost always false."
Panda says up until recently the Trojan has only been registered as a file downloaded from a Web site, but it also uses other means, such as mass-mailing, or P2P file sharing networks.
Internet monitoring by firewall vendor Fortinet indicates that the incidence of new Trojans circulating on the Web was up 100% in June over the previous month.