According to Andrew Brandt, a senior security researcher with IT security vendor Webroot, the attacks centre on an attempt to push down the Trojan-Backdoor-Zbot password malware to Spaniards.
It may also, he says, signal a resurgence of a wave of attacks that took place throughout 2009 when hackers tried to "convince gullible Internet users in different countries to download and execute Zbot installers poorly disguised as transaction records or other important financial documents."
Writing in his security blog, Brandt said that a bogus Banco de Espaqa website came and went quickly last week, but not before Webroot's research team "took a deep dive and came up with a mouthful of malware."
"Believe me, it tasted terrible", he said.
Brandt says that the page – which was designed to closely mimic the appearance of the Spanish central bank's website – was a clone of the previous fake-bank pages used to foist Zbot malware on to victims.
Previous campaigns of this type, he says, targeted victims by spoofing the sites belonging to Visa, Bank of America, the FDIC, the American Bankers Association, NACHA, the IRS and Amazon.com.
Other sites abused in this way, he says, included iTunes, Facebook, MySpace, AOL and many others.