The Zeus crimeware toolkit has morphed again, with the latest version concentrating on stealing login details for banks in Germany, Spain, the UK and US, according to CA Technologies.
CA says Zeus previously attacked banks from countries around the world but version three has seen a far greater targeting of four countries over the last few months.
The new version is also harder for security professionals to deal with because it "employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose," says CA in a blog.
Separately, five men have arrested in Pakistan in connection with a hacking operation that has seen thousands of Web sites attacked.
The Federal Investigation Agency (FIA) also seized computers and other equipment from the suspects, accused of belonging to the "Pakbugs" forum, where hackers bought and sold stolen bank and card details and malware code.
The Pakistan government says Ahmad Hafeez, Hassan Khan, Farman Ullah Khan, Malik Hammad Khalid and Taimoor Zafar Bhatti have been apprehended but the Pakbugs founder, Jawad Ehsan alias Humza, is still free and residing in Saudi Arabia.
The men have "expertise" in SQL injections, Trojan horses, phishing, botnets and credit card jacking, says the government.