Still using Internet Explorer?

glassdog: "Pop up thievery": "visitors to some bank sites - including Citibank, Deutsche Bank and Barclays Bank - see an otherwise innocuous but annoying pop-up ad that plants a file on their computer called img1big.gif which is, actually, a small executable that goes into action any time it sees the user login to a secure HTTPS session at a site URL that includes any long, banking-related string of characters."

"Then, it simply records the login and password info and now it knows how to get into your online bank account. Voila!"

More about this here.