As if we needed a reminder that it’s not safe to drop our guard against computer viruses, check out this story. PC World Recently highlighted research by security firm Secure Works that had identified a Trojan horse that was largely missed by 30 of the leading anti-virus scanners.

Which probably explains why it was able to infect more than 5,000 personal computers and steal personal information on 10,000 account holders worth an estimated $2 million on the black market.

And who detected the stealth attack? Not a security sleuth, a global crime lab or even a piece of anti virus software, but a user who discovered that a number of web sites he regularly accessed had been hijacked. Investigators discovered that his computer had been infected with a previously unknown Trojan horse now nicknamed Gozi, and had probably infected his computer in the same way it infected thousands of others – because users had failed to update their Internet Explorer browser with fixes for known exploits.

Two lessons can be learned – many attacks are still simple exploits of careless users who still don’t take their personally security seriously enough to do even an occasional browser update that takes just a few minutes; and just as we think anti-virus vendors have got us covered, the bad guys trump them (and us all) with an undetectable attack that can create a huge payoff.