Italy's online tourism industry was thrown into chaos when thousands of tourism websites were shut down by a software infection that takes over users' computers.
Nicknamed 'The Italian Job' by security experts, the attack began last week and claimed around 10,000 sites by Monday morning.
Some 80% of affected sites were Italian, and many of them part of the country's vital tourist trade.
The malicious software installed a HTML iFrame on web pages that opened a tool called MPack on users' machines that exploits known bugs via Internet Explorer.
It then sought to install a keylogger and a download channel so that authors can monitor users' activity and install further software. Data captured from users is reportedly sent to a server in Chicago.
Japan-based Trend Micro, which discovered the first attacks, said it found over 4,500 travel sites in Italy had been infected, including http://www.adriahotel.it, http://wwww.bestoftuscany.it and http://www.mothertheesacause.info.
The firm's David Perry said the perpetrators had used software to carry out the attack that was originally bought in Russia.