The UK's National High Tech Crime Unit is tracking attacks similar to standard phishing attempts, but with links to websites using malformed URLs to deliver the Trojan to victims.
The pages use known vulnerabilities in Internet Explorer to install the backdoor, which could be used to capture passwords, steal confidential data or use the host as a springboard for other activities such as sending spam or conducting denial of service attacks.
he criminals behind these attacks are constantly evolving their techniques and changing tactics to target a wider range of victims," said Len Hynds, Head of the NHTCU. "With this range of exploits being blended in one piece of code, it is not just about online banking. There is a second key logger and a program that allows the machine to act as a mail proxy that could be used by spammers."
The websites in question, operating in America and China, have been asked by the NHTCU to remove the accounts hosting the malware.