A new version of the Zeus password-stealing malware is on the loose and already has infected one in every 3,000 computers monitored by a Web security firm that works to protect more than 6 million end users.
New York-based Trusteer said the new version, known as Version 1.4 or Version 2, targets Firefox browsers and uses advanced polymorphic techniques to thwart antivirus software.
Trusteer said its Flashlight remote fraud investigation and mitigation service already has linked the latest version of Zeus, also known as Zbot, with fraud against commercial and consumer bankers in North America and the United Kingdom.
Trusteer said Zeus is licensed by numerous criminal organizations to launch targeted attacks against financial institution's customers.
"We expect this new version of Zeus to significantly increase fraud losses, since nearly 30% of Internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," said Amit Klein, chief technology officer at New York-based Trusteer.