never-ever-****-with-my.net

As reported by Computerworld, three regional banks in the US were hacked in new spoofing attack:

"Earlier this month, attackers were able to hack servers run by the Internet service provider (ISP) that hosted the three banks' Web sites.  They then redirected traffic from the legitimate Web sites to a bogus server, designed to resemble the banking sites, according to Bob Breeden, special agent supervisor with the Florida Department of Law Enforcement's Computer Crime Center.

Users were then asked to enter credit card numbers, PINs (Personal Identification Numbers) and other types of sensitive information, he said.

According to Breeden, the affected banks are Premier Bank, Wakulla Bank, and Capital City Bank, all small regional banks based in Florida."

CNET's News.com reports on a panel discussion at the RSA Conference 2006:

"We have recently seen a move away from stealing user name and passwords," Shipp said.  The new "bank-stealing Trojans" wait until the victim has actually logged in to their bank.  "It then just transfers the money out."

"All of the authentication, little keys you have to have in your hand, biometrical things, it doesn't matter.  The bad guy just waits until you're there and then takes the money out," Shipp said.

This new type of Trojan is on the rise and is currently No. 3 on the list of most common threats, according to Shipp who works at MessageLabs as senior antivirus technologist.

I guess we will all end up surfing with VMware's Browser Appliance.