A new variant of the Briz Trojan, which can steal passwords and online banking details, has been found in the wild.
Briz.I could be related to an earlier scam in which made-to-order versions of Briz could be bought for $990.
The new variant was discovered by Panda Software, which reported that more than 2,700 computers in 120 countries had become infected.
The company suggested that Briz.I could have been created and sold on by the original author.
"It is possible that the creator of the original Trojan has decided to profit directly using the same Trojans that were sold before," said Luis Corrons, director of Panda Software.
"Alternatively Briz.I could be a new version of one of the examples that was sold while the previous scam was still in operation."
The malware disguises itself on a system under the name 'iexplore.exe', passing itself off as Internet Explorer. Once active it sends details, such as IP address and location, to the attacker's website.
Briz.I integrates itself into Internet Explorer and captures all information entered into online forms, such as passwords and online banking details.
The Trojan is hard to find because it covers its tracks and can prevent access to antivirus websites.
Engineer calculates that Chengdu's plan to replace streetlights with artificial moonlight would cost $100bn
Dark matter holds the Universe together - and gravitational waves could help identify it
Addison Lee is working on autonomous taxis for commuting and pleasure
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing