"They're targeting between 100 and 200 different institutions, with hundreds of sites related to those institutions," he said. "And for each of those sites there are multiple web pages being targeted with web inject tools, and for each of those pages, you can have multiple inject points."
One reason that the authors have been able to dedicate these resources, he said, is because of the increased specialization in the malware industry.
Soluk added that Arbor's research confirmed an earlier report by Sophos that this particular malware is part of a malware-as-a-service operation.
Sign up for Computerworld eNewsletters.