Just when you thought it was safe to order online, the Washington Post reports this:

A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site, government computer security experts warned this week.

Hundreds of Web sites have been targeted by the virus, which exploits flaws in Microsoft Corp.'s Windows Internet software, according to an alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security.

Infected sites were programmed to connect people using the Microsoft Internet Explorer browser to a Web site that contains code allowing hackers to record what users type, such as passwords and credit card and Social Security numbers. The code then e-mails that information to the anonymous attackers.

Government officials would not identify the infected sites; computer security vendors said many have taken steps to fix the problem. In addition, most large Internet service providers have stopped forwarding Web traffic to the Russian Web site that apparently hosts the software that records what is typed, minimizing the theft of data, officials said.

Among the several Web sites hit by the virus, dubbed "js.scob.trojan" by one antivirus vendor, were the Web sites of the Kelley Blue Book automobile pricing guide and MinervaHealth Inc., a Jackson, Wyo., company that provides online financial services for hospitals and health care businesses.