Trade Me says it will do everything it can to "nail" the cybercriminals who targeted users of its popular auction site with malicious software.
The malware was part of an online advertisement, purportedly for Lonely Planet, that appeared on the Trade Me website over two days last week.
It told users their computers were affected by a virus and prompted them to download a virus-removal program, which was actually a virus.
However, the malware targeted only those users with out-of-date operating systems, web browsers or antivirus software.
Trade Me spokesman Paul Ford said the vast majority of users would not have seen the ad or received the invitation to download the infected software.
The company had been contacted by nearly 50 people, but only five had their computers affected.
The company removed the ad as soon as it was aware of the issue. It was on the site from Thursday morning until midday Friday.
Mr Ford said police had been contacted.
"We will be doing everything we can to nail the cybercriminals responsible."
Trade Me apologised to anyone who had been affected.
"We take our status as a trusted marketplace very seriously and we have let our members down," Mr Ford said.
"We have processes in place to prevent ads like this appearing but unfortunately this one snuck through and we are gutted that it happened.
"At the moment we're focused on helping our members and making sure it doesn't happen again."
The incident was a reminder to keep operating systems and software up-to-date, and not to download "anything that looks remotely dodgy".
NZPA