This is bad news, if you happen to get infected with this one:
A new banking Trojan seizes browser session ID tokens to keep users logged into their accounts long after they think they’ve logged off. The malware sends data to remote servers in real time, enabling cybercriminals to stealthily hijack a browsing session and gives them plenty of time to funnel money out of accounts.
Called OddJob, it has been traced to cybercriminals in Eastern Europe and has been detected in attacks on customers in the United States, Poland and Denmark. Researchers at security vendor Trusteer Inc. and law enforcement investigators have been monitoring the Trojan for months, said Amit Klein, Trusteer’s chief technology officer. In an interview with SearchSecurity.com, Klein said the Trojan was detected as part of a fraud investigation initiated by a bank. So far investigators have detected fraud connected to OddJob at more than three dozen banks, Klein said.