PETALING JAYA: A hacker is believed to have tried to dupe Internet users into giving away their private financial information by posing as an online executive at Maybank Bhd.

Over the weekend, several Internet users began receiving e-mail purportedly from a Maybank online executive promoting Maybank2U.com services and offering free "Maybank2u online tools'' that could be downloaded from maybank2u.rvx.net, a bogus website.

In.Tech, The Star's weekly information technology pullout, was informed of the hacking attempt by a reader, who also provided a copy of the e-mail.

In an official reponse to enquiries, Maybank on Monday said that maybank2u.rvx was not its website and that the e-mail was fake.

The bank also advised users who received the e-mail to "delete it without accessing the said address or opening any attached files as this could initiate a virus which will affect the user's computer.''

Internet users who accessed the address would have been redirected to a another website that automatically prompted users to download a compressed file, also known as a zip file, onto their personal computers.

The zip file, named maybank2u.zip, contained two programs or executable files, one of which was a malicious program called a "Trojan horse.''

A Trojan horse is a destructive programme that masquerades as a benign application.

Internet user Jason Chong of Johor Baru, who was among the first to alert other users of the hacking attempt, suspects that the Trojan horse operates by fooling users into divulging confidential information, such as their ATM personal identity numbers (PIN), then saving it in a hidden file.

"The program may have the capability of opening a channel from a victim's PC to the hacker whenever the victim is online,'' Chong said.

This channel can then used by the hacker to collect information saved in the hidden file, and other "useful'' information contained in the PC, said the 25-year-old part-time student at Informatics College.

In.Tech has sent a copy of the files to the Malaysian Computer Emergency Response Team (MyCERT) and local information security solutions provider Extol Corporation (M) Sdn Bhd for further analyses.

In addition, In.Tech alerted the bogus website's host, Yahoo!Geocities, on Monday. The site has since been taken down and is no longer accessible.

Maybank launched its Maybank2U.com online banking service in June.