Britain's Serious Organised Crime Agency (SOCA) has joined forces with Virgin Media to help stop the spread of the dangerous SpyEye trojan.
As part of the campaign, SOCA has identified around 1500 Virgin Media customers infected with the SpyEye trojan, which could place them at risk of identity theft or bank fraud.
Virgin has written to affected customers, offering them advice on how to remove the trojan and help if they feel unable to take care of SpyEye themselves.
SpyEye in the sky
Trusteer revealed it had uncovered a SpyEye variant which targeted two leading European airline travel websites – Air Berlin and Airplus.
The former is the second biggest airline in Germany, the latter a business travel service.
“In the case of the Air Berlin attack, SpyEye is attempting to harvest confidential user information including username and password, and other data that is entered in the targeted web page,” said Amit Klein, chief technology officer of Trusteer, in a blog post.
“The injection code of SpyEye captures the information on username and password details.”
In the AirPlus case, SpyEye targets users of the Lufthansa Miles & More Visa credit card, which offers travel bonuses.
“In this instance, SpyEye injects code into the users' web browser that claims to be an anti-fraud enhancement to the online,” Klein added.
“In reality, of course, this is a cleverly-disguised attempt to phish user credentials from the unsuspecting customer of the AirPlus web portal.”