This is one of those bits of news that bears repeating, particularly if you use online banking. CNET is reporting about a new type of Trojan horse, known as URLZone, that is designed not to steal your login information for online banking sites, but rather to actually steal your money while you’re on the bank’s website. URLZone is sophisticated enough that it calculates how much money to steal based on how much is in your account, then displays a false balance to the user so as not to arouse suspicion.
The Trojan is being distributed through emails, infected sites that carry the malware, or an Adobe PDF. It exploits a hole in Firefox, Internet Explorer 6, IE7, IE8, and Opera running on Windows systems. According to the firm that identified the Trojan horse, about 90,000 computers have visited sites with the malware, over 6,000 have been infected, and a few hundred have actually been used to steal the users’ money.