TechMan: Online bankers, be wary of 'man-in-the-browser' attacks
Sunday, February 07, 2010

Recently TechMan wrote about the attack on Google and how targeted attacks are becoming more common. Another type of computer attack has grown in popularity as well -- the banking Trojan.

Bad guys have been trying to crack into banking systems for a long time, and because of that, banks have increased the security around their servers to the point that it is pretty hard to crack them.

So the bad guys have switched their focus to bank customers, figuring that it's easier to steal $100 from a thousand bank customers than $100,000 from one bank. In the past, attacks centered on keystroke loggers, programs that could steal passwords while a user is logging on to do electronic banking. To get the keystroke logger onto your machine, crackers used a Trojan horse, a program that hides inside another program. When that program is activated, it installs itself on the target computer.

Trojans, with names such as Zeus, Clampi and URLzone, are still used, but instead of installing a keystroke logger on the computer, they install software capable of doing "man-in-the-browser" attacks.

These new attacks wait for the user to log onto his bank site and then "ride along" for the session. While the user is doing his online banking, the man-in-the-browser also is doing transactions -- transferring money from the user's account into another.

The man-in-the-browser can then alter balances to make it look as if nothing illegal has happened. You see how malicious this is.

And it is getting more widespread. Zeus malware kits are readily available on the Internet and are easy for criminals to customize, said Marc Fossi of security company Symantec.

These Trojans can hide in attached e-mail files, such as .PDF documents and Microsoft Word documents.

But a computer also can be infected by a site that harbors malware.

Electronic cards that appear to come from someone you know also are a popular conduit for malware.

Since you probably won't know that a man-in-the-browser attack is taking place or even that your accounts have been tapped, you have to prevent the Trojan from getting onto your machine in the first place.

I know what you're thinking. "Here he goes again preaching about secure computing."

Well, here I go again:

Never click on a Web site link in an e-mail, especially for your bank. When beginning an electronic banking session, type the bank URL directly into your browser.

Never open an attachment unless you are sure what it is and that the person who appears to have sent it really did. This particularly applies to .PDFs and Microsoft Word documents. E-mails can be "spoofed" to look as if they came from someone you know.

When you visit your bank's site, make sure the URL is correct and contains https, which indicates a secure session.

Check bank and credit card statements regularly and report any suspicious activity immediately.

Don't open electronic greeting cards or visit porn sites, music sharing sites or any site that seems shady. All are likely to contain malware.

There, I've said it yet again.




In a recent column about the cyberattack on Google, I reported that the security company iDefense said it was likely that a .PDF file and a security hole in Adobe Reader were involved in the attack. Now iDefense has retracted that statement: "There are currently no confirmed instances of a vulnerability in Adobe technologies being used" in the attack on Google and other companies.

Read TechMan's blog at post-gazette.com/techman. Watch the TechTalk video podcast at post-gazette.com/multimedia or listen to the audio version at post-gazette.com/podcast. Follow PGTechman on Twitter.com.
First published on February 7, 2010 at 12:00 am