Hackers have managed to fleece at least £20 million in the UK using the Dridex virus, Britain's top crime agency warned tonight.
The National Crime Agency urged internet users to protect themselves against cyber-attacks and said the malware virus was being used by hackers to harvest online banking details and gain access to accounts across the country.
Dridex has been developed by technically skilled cybercriminals, with UK losses estimated to run to £20 million.
At least one "significant arrest" has already been made, after thousands of UK computers were thought to have been affected.
Mike Hulett, from the NCA, said: "This is a particularly virulent form of malware and we have been working with our international law enforcement partners, as well as key partners from industry, to mitigate the damage it causes.
"Our investigation is ongoing and we expect further arrests to made."
Computers become infected with the virus when users receive and open documents in seemingly legitimate emails, the NCA said.
Those with internet bank accounts have been encouraged to visit the CyberStreetWise and GetSafeOnline websites where a number of anti-virus tools are available to download to help clean up infected machines and get advice and guidance on how to protect themselves in the future.
The NCA is working to stop the affected computers from communicating with the cybercriminals controlling them. This activity is in conjunction with a US operation, currently being undertaken by the FBI.
Its executive assistant director, Robert Anderson said: "Those who commit cybercrime are very often highly-skilled and can be operating from different countries and continents.
"They can and will deploy new malware and we, along with our partners, are alive to this threat and are constantly devising new approaches to tackle cybercrime.
"We urge all internet users to take action and update your operating system. Ensure you have up-to-date security software and think twice before clicking on links or attachments in unsolicited emails.
"Cybercriminals often reach across international borders, but this operation demonstrates our determination to shut them down no matter where they are.
"The criminal charges announced today would not have been possible without the cooperation of our partners in international law enforcement and the private sector. We continue to strengthen those relationships and find innovative ways to counter cybercriminals."