Two-factor banking security systems threatened by Trojan

Internet banking authentication systems including two-factor security systems are being threatened by a new Trojan.

The new Trojan, spotted in various forms in recent weeks, poses a potentially serious threat to most authentication systems being rolled out by banks to protect their electronic customers.

"Most of the banks' two-factor authentication systems centre around the use of a customer-supplied password, plus a unique, one-time code generated by an electronic token such as a SecurID unit or a user's mobile phone," said Geoff Sweeney, CTO at security behavioural analysis firm Tier-3.

"This new Trojan, called Silentbanker, allows hackers intermediary access to the information stream from the user, allowing them to create a man in the middle type attack during an e-banking session.

"This effectively counters the protection afforded to users by the two-factor authentication technology," he said.

Sweeney said updated security software should spot the Trojan, but he added that modified versions of the threat could potentially evade established security systems.