"We have seen many Trojans with Web back-ends that collect data and send a few commands back to the bot," Sites said. In contrast, MetaFisher's management interface reveals a level of sophistication usually found only in professional IT departments, he said.

According to Dunham, MetaFisher uses a PHP-based Web site to track infections by country and to manage variants and scripts. It also includes a query routine to easily filter stolen data and find keylogger and account data for specific keywords, he said.

The command-and-control servers also allow hackers to modify the behavior of the bots based on information gathered from compromised systems, Sites said. For instance, the attack instructions and exploits that get downloaded on a victim's computer might vary based on the operating system.

For the moment, a vast majority of the installed MetaFisher bots are programmed to steal passwords, personal ID numbers and other information from compromised users who visit specific banking Web sites in the U.K., Spain and Germany, Dunham and Sites said.

One of the command-and-control servers collecting stolen data is based in Washington, D.C., Sites said. Over a four-day period ending this afternoon, about 29,000 infected computers reported back to this Web site with stolen data 561,857 times, Sites said.