FYI...

Webinjects - underground market
- http://www.trusteer.com/blog/webinje...rground-market
November 02, 2011 - "... cybercriminals have been busy developing webinjects for Zeus and Spyeye to orchestrate and develop malevolent attacks against certain brands. Webinjects are malware configuration directives that are used to inject rogue content in the web pages of bank websites to steal confidential information from the institution’s customers... Trusteer’s research team has discovered that these webinjects are being offered for sale on many open internet forums... developers are earning a decent income from selling the Zeus/Spyeye webinjects service to an increasingly diverse customer base... the developers have gone to the trouble of obfuscating the Zeus/Spyeye webinjects, not because they want to confuse malware researchers, but to try and prevent piracy of their software... webinjects can’t be modified by the 'customer', if they need localization for a specific country and language, this can only be carried out by the developers... for a price... resale is rife. Those that have purchased a copy of webinject are openly -reselling- their version to anyone wanting to steal the same information from victims... From the advertisements we’ve seen there are multiple targets, including British, Canadian, American, and German banks..."
(More detail at the trusteer URL above.)

- http://www.abuse.ch/?p=2986
December 21, 2010 - "... the Bozvanovna botnet is also using so-called Webinjects to phish credentials and steal money from the victims online bank account..."