HSBC banking web site trojan
Alexander Hanff
no2dpi at googlemail.com
Sun Aug 16 12:41:41 BST 2009
Peter Tomlinson wrote:
> Mary Hawking wrote:
>> In message
>> <mailman.2.1250405286.30815.ukcrypto at chiark.greenend.org.uk>,
>> ukcrypto-request at chiark.greenend.org.uk writes
>>> Rupert Goodwins at ZDNet UK spent much of the day trying to find out
>>> from HSBC PR what was going on.
>>>
>>> http://bit.ly/IrOUj
>>>
>>> has the results: the bank says that the problem is false alarms from
>>> Kaspersky's a-v software.
>>>
>>> wg
>> Do/should we believe them - especially as Peter actually captured the
>> Trojan?
>> And if they are to be believed, and there was no Trojan, where did
>> the Trojan Peter caught come from?
> I'm more inclined to think that, if indeed there was no Trojan, this
> could have been a signature clash between whatever HSBC was sending as
> part of the web page and some section of the Trojan that Kaspersky's
> database had analysed.
>
> Peter
>
>
>
>
Call me cynical but I am rather more inclined to go along with Mary's
point of view on this one. If you were a large bank would you want to
admit your system's security had been compromised? It is one thing them
saying it was a false positive but how about actually providing some
proof to back it up? Banks lost their right to consumer trust a long
time ago and I would not take their word for anything without evidence
to support it.
Alexander Hanff
More information about the ukcrypto
mailing list