
Windows XP has been linked to a botnet in which half a million computers are used to steal banking data, according to security firm Proofpoint.
800,000 banking transactions are thought to have been sniffed as a result of the malicious network, in which half of the machines involved are said to be running Windows XP, for which Microsoft ceased releasing public patches in April of this year.
Proofpoint said: "The attackers behind this operation appear to be a Russian cybercrime group whose primary motivation is financial.
"While the primary targets appear to be financial accounts and online banking information, the group also has a range of options for further monetisation of the infected computers."
To ensnare victims’ computers into the malicious network, the hackers were said to have injected compromising code into legitimate websites running the blogging platform WordPress, having bought admin passwords for associated web services through the black market.
According to Proofpoint the attackers were also using traffic filters that assessed browser type and operating system, among other factors, with the intent of boosting the infection rate and minimising exposure to security researchers.
Once suitable victims had been chosen the hackers were said to exploit web browser vulnerabilities to run undesirable code on people’s machines, in what are sometimes termed "drive-by downloads" because a person merely needs to visit a site to be infected.
Hijacked machines may be used by criminals to create their own private cloud network or as an endpoint to launch attacks into other organisations, a service that can be rented out to other crooks.
Residents of the US were thought to account for three-quarters of infected machines, and 52% of computers were running Windows XP, an operating system (OS) that Microsoft ceased patching this April but which retains an OS market share of around a quarter.