In preparation for the attacks, hackers created mock pharming websites for each financial institution they targeted.
Researchers from Websense said attackers lured victims to a website hosting malicious code that exploited a patched Microsoft vulnerability.
Microsoft patched the flaw last May. The vulnerability requires a user to only visit a website to have his or her PC infected by malware.
In this attack, the malicious website would download a trojan known as ieexplorer.exe, which downloads more malware from Russia. The websites then display an error message asking users to shut off firewalls and anti-virus software, according to the reports.
Victimised users are then redirected to the malicious pharming websites that appear similar to legitimate financial websites. Attackers can use the collected personal information for identity fraud, or sell the details to other criminals.
Dan Hubbard, vice president of security research at Websense, told SCMagazine.com today that the attacks were well researched and designed.
"They are very well planned and thought out. Resilient infrastructures, sophisticated malcode and very good back-end control and statistic," he said.
"The use of malicious code is growing very fast. This is being used more and more and we believe it will rise in both frequency and sophistication. The attack success percentages are higher also."
ISPs have shut down websites hosting the malicious code in Germany, Estonia and the United Kingdom. The attack also installs a bot on infected PCs, according to the report.
Australia amongst global attack
By Frank Washkuch on Feb 22, 2007 4:20PM