F-Secure indicates the number of programs designed to gain access to bank accounts has increased from around 17,000 in January 2008 to more than 59,000 by the end of the year. This is an indicator of the determination of malware authors to compromise your accounts, and also of the likelihood that you will encounter such a program in your regular day-to-day surfing.
Banking trojans are advanced programs that are constantly evolving to stay ahead of the user-base as well as Anti-Virus solution developers. A typical banking trojan remains dormant until you log in to a banking website. It then steals the username and password by capturing your keystrokes. One particularly nasty trojan makes secret cash transfers from the victim’s account while the victim is legitimately logged on to do their banking. These transactions often go unnoticed until the statement is reviewed. Another can reproduce a copy of the banking webpage showing account balances — except the balances are altered to show the numbers the victim expects to see. This buys the thief time to drain the account and cover his tracks.
You can get a banking trojan simply by clicking on an email link purporting to be a greeting card or video, or by visiting a less than reputable website. They can also be picked up by visiting a legitimate Web page that’s been compromised by hackers and carries or redirects you to their code.