Cyber Criminals using a variant of the well-known ZeuS banking Trojan horse program are targeting customer’s phone accounts from companies including Sky, TalkTalk and BT, claims web security expert Trusteer.

The ZeuS virus has been infecting PCs since 2007, stealing banking details and log-in information through phishing scams, keystroke logging and form grabbing.

This new variant, named Ice IX, creates a rogue form on banking websites to steal bank account details, but also prompts users to input their phone number and service provider.

"The victim is asked to update their phone numbers on record (home, mobile and work) and select the name of their service provider from a drop-down list," explains Trusteer's CTO Amit Klein in a blog post. On its website, Trusteer shows an example of the form in which BT, TalkTalk and Sky, three of the UK's leading service providers, are represented in the drop-down box to trick potential victims.

Trusteer believes that criminals are using this information to divert phone calls to customers from the fraud department of banks - where accounts have been compromised - to hacker-controlled phone lines, so that criminals can verify that the suspicious activity on a victim’s account is genuine and carry on taking money.

"Fraudsters are increasingly turning to these post-transaction attack methods to hide fraudulent activity from the victim and block email and phone communication from the bank," says Klein. “This allows attackers to circumvent security mechanisms that look for anomalies once transactions have already been executed by the user.”

In 2012, more than 100 people were arrested for using ZeuS to infect computers with the intention of committing fraud.