Banks admit new trojan threat to internet banking

IN THE MIDDLE: A new computer nasty, the Trojan.Silentbanker, positions itself between a person's computer and their bank. New Zealand banks have admitted they are vulnerable.

Relevant offers

New Zealand banks say they are vulnerable to attacks from a sophisticated new trojan capable of thwarting two-factor authentication.

Two-factor authentication is the use of two methods of verification to confirm a customer's identity.

This usually involves the customer providing a password and then a unique, single-use code supplied to them via their cellphone or a security token.

Security software company Symantec has issued a warning about the Trojan.Silentbanker, which has so far attacked more than 400 banks worldwide.

Security response manager John McDonald says the "man-in-the-middle" trojan is potentially very serious.

"It gets itself between a person's computer and their bank and while they're doing their bank transactions, it can potentially divert money."

He says the trojan bypasses two-factor authentication. "It gets on the computer and intercepts the information before it gets to the bank."

He says so far no banks with a ".co.nz" domain name are on the list of those targeted.

People can protect themselves by running up-to-date anti-virus software.

"If you're not running up-to-date anti-virus software that catches it, you won't know you've got it," says Mr McDonald.

Banks say they are aware of the trojan but to their knowledge, no customers have been affected by it.

Westpac head of e-business Stu Woollett says it is possible that Westpac customers are vulnerable to the trojan but the bank's monitoring of online activity and transactions should pick up any fraudulent activity.

"Banks that have second-factor solutions need to be thinking about how they're managing this, but it doesn't drive re-evaluation of our model."

Westpac's online guarantee promises to reimburse customers for any losses they suffer through Internet banking fraud.

Kiwibank spokesman Bruce Thompson says every bank is vulnerable to the trojan. He says sophisticated and evolving threats to security mean there is no specific solution, and Kiwibank is continually upgrading protection software.

Bank of New Zealand general manager of strategy and marketing Blair Vernon says BNZ's two-factor authentication system, NetGuard, and transaction-monitoring software make it a hard target.