“Researchers at security firm Finjan have discovered details of a new type of banking Trojan horse that doesn’t just steal your bank log in credentials but actually steals money from your account while you are logged in and displays a fake balance,” Elinor Mills reports for CNET.

“The bank Trojan, dubbed URLZone, has features designed to thwart fraud detection systems which are triggered by unusual transactions, Yuval Ben-Itzhak, chief technology officer at Finjan, said in an interview Tuesday. For instance, the software is programmed to calculate on-the-fly how much money to steal from an account based on how much money is available,” Mills reports.

“It exploits a hole in Firefox, Internet Explorer 6, IE7, IE8, and Opera, and it is different from previously reported banking Trojans, said Ben-Itzhak,” Mills reports. “The Trojan runs an executable only on Windows systems, he said. The executable can come via a number of avenues, including malicious JavaScript or an Adobe PDF, he added.”

Mills reports, “About 90,000 computers visited the sites housing the malware and 6,400 of them were infected, a 7.5 percent success rate, he said. Of those whose computers installed the Trojan, a few hundred had money stolen from their bank accounts, he said. During the span of 22 days in mid-August, the criminals behind the Trojan stole the euro equivalent of nearly $438,000.”

Full article here.

MacDailyNews Take: Good thing you “saved” $127.50 upfront on that POS Windows PC versus that Apple Mac you really wanted, right, dumbass?