At Virus Bulletin, we presented on some of the nastiest families of 2009, and zbot was one of them. Early Sunday morning was the first that the ThreatFire community started seeing a newer variant of the banking password stealing family “Zbot” in fairly high prevalence, served on a system hosted in Sweden (126.96.36.199). This variant is interesting in that it indiscriminately targets banks all over the world — the U.S., Germany, Italy, Spain, Russia, England, Ireland, etc. (the ThreatExpert report lists the banking sites here), but the users being attacked appear to be concentrated within the U.S. for now.
As always, be sure to update third party plugins (like flash players and pdf readers) in addition to your system software and add a behavioral layer of protection like ThreatFire.