I like this part: "The malware will harvest customer credentials and credit cards using different components, encrypting the data immediately before it is woven into a realistic-looking jpg."
I don't quite feel that e-tailers are idiotic here. Social engineering ain't exactly something people are good at detecting even after they've been trained. Repeatedly. Humans are usually inclined by nurture to be cooperative (ignoring nature). I'd say they're being human.