Joel Camissar, Websense Australia manager said the Trojan monitors Internet Explorer sessions and waits for users to access one of 12 financial Web sites. Once a login process has begun the Trojan creates a customized pop-up window designed to mimic the actual bank log-in page.

"Just by viewing a Web site infects people with this Trojan, but because of an unpatched vulnerability in the Microsoft Operating System just viewing the Web site, which the URL sent in the mail links to downloads, the payload and the user will not realize it until they are infected," Camissar said.

"People have to be silly to believe the National Australia Bank is bankrupt.

"The Trojan has now been named "hackdoor" and is a variant of the original "banker" virus we (Websense) discovered on April 5."

The National Australia Bank has since released a statement reminding customers of the dangers in responding to malicious e-mails.