Certain spyware programs either log your keystrokes (keyloggers) or look for specific files with passwords and send them out to the attacker to use maliciously. I've had this happen to me with FTP passwords and the end result was not pleasant at all as not only did my websites become infected, they infected others as well. So my advice is to immediately change your passwords once you've realized you have some sort of infection, just don't do it on the same computer that's infected for obvious reasons.

Also, in the event that your websites do get infected, block all access to them immediately until you've removed the malicious code to prevent others from getting affected. As for other accounts, especially financial stuff, monitor them closely to see if you see anything suspicious and contact support ASAP.

Thanks for the tip! I've noticed stuff like this on MSN Messenger and Facebook, where it's as if someone's account has been hacked and they appear to be sending everyone spam. I always send them a note to change their password.

I think part of the reason people don't change their passwords more often is just that it's a pain in the neck. They can't remember their passwords or just don't want to take the time. There are password programs to help with this. Trust me, you don't want to experience hackers. It's worth the effort.