Image via Trusteer:
The Ramnit worm appears to have shifted focus, and is now appears interested in financial fraud. It seems to be acting like a fairly standard piece of financial malware, with a man-in-the-middle Web injection module, which allows the malware to invisibly modify client-side Web pages and transactional details. Meanwhile, Ramnit is constantly communicating with its command and control server via SSL, reporting its status and receiving updates.
As always, be extra careful when handling financial transactions online and always use vigilance when confirming account details.