A report on the U.K. Crypto security mailing list claims that HSBC's Personal Banking Web site had been infected by malware. However, the bank says that the fault lies in the AV software used to scan the site from the user's computer, not in any security breach.
According to list member Peter Tomlinson:
"Last week, HSBC's Personal Banking Web site has a Trojan that tries to download when you click 'Login' from the general HSBC portal page."
"Kaspersky reports Trojan.HTML.Agent.ce., "I found it at 10.10am. HSBC call centre didn't know at 10.30am--but the lady there found that she could not log in, went away, came back, told me that the company did know and is trying to fix it (one hour was suggested)... So why did they not just kill the site?"
"HSBC Business Banking (accessed from the same portal) is OK."
The same poster reported later that the Trojan had been removed:
"The HSBC site was indeed working again, and securely (at least Kaspersky software thought so), within the hour."
HSBC told ZDNet Asia's sister site, ZDNet UK this afternoon that "HSBC has not been hit by a Trojan, but the latest update to Kaspersky AV software is generating messages on some secure Web sites (including ours) when none is warranted".