Yes, you heard me correctly.

http://isc.sans.org/presentations/banking_malware.pdf

Describes an attack on IE where a file named img1big.gif installs and runs an IE Browser Helper Object that steals information before SSL transmission and sends copies to http://www.refestltd.com/cgi-bin/yes.pl

Visit the wrong website and IE is invisibly bugged. The thing that is scary is that the gif image is decompressed (UPX compression) and installed with a trojan dropper, then the data is sent using a very crude encryption algorythum. This is designed to beat filtering solutions designed to scan traffic for key words. If you do online banking, be sure to check this out.