As many as 50,000 email account credentials are being used to steal banking details and turn target computers into malware distributers, according to security firm Seculert.
Cridex malware, also called Geodo, is said to spread itself through emails written in German - the aim being to steal sensitive data from financial groups such as Sparkassen-Finanzgruppe.
Aviv Raff, CTO of Seculert, said: "Geodo can compromise the intellectual property of a corporation, putting its business and reputation at risk.
"This new email worm capability displayed by Geodo serves to further emphasise the growing threat of advanced malware to today's enterprises."
Once installed Geodo downloads another piece of malware which then communicates with a command and control (C&C) server before sending out emails containing the virus disguised as a PDF.
Almost half of the stolen credentials were from Germany, with another quarter originating from around Europe, though the source of the account information is not known.