An ID theft ring that has hit thousands of people is proving hard to shut down.
The bug keeps track of what you type on your keyboard
Discovered by US security fim Sunbelt Software, the scam used keyloggers to steal data stored by Microsoft's Internet Explorer browser.
Variants of the original bug are popping up and sending data to other servers and are continuing to harvest data from unwitting victims' machines.
Tools are now appearing to help people find out if they are infected and to remove the sophisticated bug.
Sunbelt came across the server at the centre of the ID theft ring by accident while investigating the ways that spyware can infect Windows PCs.
A search of the server revealed log files containing megabytes of data stolen from PC users by a variant of a well-known virus. Sunbelt estimates that up to 30,000 people were caught out by the keylogging bug since it appeared in late July.
Initially Sunbelt contacted those it found named in the files but the sheer number of people caught out has made it impossible to keep up. Instead, it is telling Ebay, Paypal and banks about the accounts that have been compromised.
Sunbelt contacted the FBI and soon after the server at the centre of the ID theft ring was shut down, only to return to life shortly after.
Now as this central server is shut down again, others are taking over to collect data sent to them by variants of the original keylogger.
The FBI has also reportedly started an investigation into who is behind these servers.
Sunbelt has given the malicious program the name Srv.SSA-KeyLogger and has produced a free tool that scans computers to see if they are infected. Users can check for themselves by searching for a file called winldra.exe.
Publicity around the keylogger has led many anti-virus and security companies to add the bug to the list of malicious programs their software catches.