"A malicious program that installs itself through a pop-up can read keystrokes and steal passwords when victims visit any of nearly 50 targeted banking sites..." Here's a related article from Business Week.