Trusteer, the security firm, is now warning of a new variant of the Zeus malware trojan that imitates the Verified by Visa and MasterCard SecureCode enrollment screen to erase sensitive data and passwords from PC users.

The injected enrollment screen prompts users to enter their social security number, credit or debit card number, expiration date, and PIN or CSV code.

The in-session attack cheats online banking customers into surrendering their personal data by claiming new FDIC rules require mandatory sign-up to the card protection programme.

According to Trusteer, the information gathered by Zeus is used by criminals to commit 'card not present' transactions with retailers that employ VbV and SecureCode protection.