HSBC home banking web site trojan "false report",says bank

A report on the UK Crypto security mailing list this morning claims that HSBC's Personal Banking website had been infected by malware. However, the bank says that the fault lies in the AV software used to scan the site from the user's computer, not in any security breach.

According to list member Peter Tomlinson:

This morning (Saturday) HSBC's Personal Banking web site has a Trojan that tries to download when you click 'Login' from the general HSBC portal page. Kaspersky reports Trojan.HTML.Agent.ce.

I found it at 10.10. HSBC call centre didn't know at 10.30 - but the lady there found that she could not log in, went away, came back, told me that the company did know and is trying to fix it (one hour was suggested)... So why did they not just kill the site?

HSBC Business Banking (accessed from the same portal) is OK.

Peter

The same poster reported later that the Trojan had been removed:

The HSBC site was indeed working again, and securely (at least Kaspersky s/w thought so), within the hour.

Peter

HSBC told ZDNet UK this afternoon that "HSBC has not been hit by a Trojan, but the latest update to Kaspersky AV software is generating messages on some secure websites (including ours) when none is warranted".