A piece of malware called Win32.Ramnit, which has been known to security researchers for at least 18 months, has been repurposed to target online banking users, according to security firm Trusteer.
The malware has been altered to include the HTML-injection tactics made famous by Zeus. Ramnit modifies HTML files to intercept and harvest banking details from customers during transit, allowing the attack to occur during what is otherwise a normal, safe banking transaction.
Trusteer said that the attack is made particularly dangerous by the prevalence of Ramnit infections on the web. The company cited figures from Symantec suggesting that Ramnit is responsible for 17.3 per cent of all new malware infections.
The new attacks were blamed in part on the recent decision by the creators of Zeus to release the source code behind the attack tool, giving malware writers dangerous new tools.
"The metamorphosis of Ramnit into financial malware is a sign of things to come now that the Zeus source code has been made openly available to anyone on the internet," said Trusteer chief technology officer Amit Klein.
"Unlike the past, when financial institutions had to defend against a limited number of malware platforms, attacks can now come from virtually any malicious software program, old or new."
Security experts speculated in April that malware writers armed with the Zeus code could craft new attacks that borrow components and techniques from the infamous malware infection.
A Quantum Development Kit for developers only
Banks, law firms and financial software suppliers in the UK, US and Russia targeted
Rolls-Royce chief digital officer Neil Crockett plans to use big data for efficiency and profit
Tackling security and global connectivity in logistics