Infosec: Rock Phish threat deepens

by interpreters @ 2008-04-25 - 01:04:01

Security firm RSA has warned that the software kit behind half of the world's phishing attacks has been upgraded.

The Rock Phish software has been used in attacks on over 40 European and US financial institutions.

The tool has been very successful, using innovations including unique URL generation to defeat blacklists. But Rock Phish has not used malware as part of its attack until recently.

The fake phishing pages now include a Trojan dubbed Zeus, so that once a victim's financial data has been harvested the Trojan allows the computer to be controlled remotely.

"The victim is duped into visiting a phishing site," said Uriel Maimon from the RSA 24x7 Anti-Fraud Command Center.

"Whether or not the victim surrenders his/her credentials into the site is irrelevant, as many people click on phishing links but do not fill in meaningful information.

"However, with this new attack twist the victim will still be infected with a Trojan."

The group behind the Rock Phish attacks did not develop the Trojan themselves, but purchased it for the job in much the same way as a legal software developer.

Zeus is a very flexible and persistent Trojan which can be used to steal data, make the infected machine part of a botnet and even take regular screenshots of a user's activity.

"The Zeus Trojan has many startling capabilities," said Maimon. "As I look on this blissful union of fraud and crime technologies, I can only envy the criminals who can find such coupling."

The Rock Phish software has become something of a cause célèbre in the IT security industry since it surfaced.

The creators have been described as the Kaiser Söze of the online world, and no-one is sure whether the creator is a single person or a hacking group.

RSA is confident that it is a hacking group behind the code, and no-one disputes that the software has been astonishingly successful.

Hundreds of millions of pounds have been siphoned out of users' bank accounts over the past four years.


 
 
