HBOS and RBS targeted by latest computer virus seeking passwords

Website addresses for the two Scottish banks are included in the BugBear.B virus’ software code, along with those of 1,300 other banks around the world.

The discovery prompted US authorities to warn American financial institutions about what private security experts believe to be the first internet attack aimed primarily at a single economic sector.

An HBOS spokesman said the bank was aware of the virus, but said the targeted sites were "brochure sites", which provided information for retail customers but would not allow entry to its system. "Our prime concern is customer security and that does not come into the equation here," he said.

Experts said the software was programmed to determine whether a victim used an e-mail address that belonged to any of the financial institutions listed in its blueprints. If a match was made, it tried to steal passwords and other information that would make it easier for hackers to break into a bank’s networks.

The software transmitted stolen passwords to ten e-mail addresses, also included in the blueprints.

The virus has spread to tens of thousands of personal computers since first being detected last week, but investigators and industry experts said they were unaware of any financial institutions being significantly affected.

US Treasury Department official Michael Dawson said that so far, "we have not seen any adverse impact on financial institutions". He added that the virus became "a heightened threat to the financial system" last Thursday, with the industry being warned immediately.

US banking industry executives were concerned at being targeted, but said they were unaffected because of tight security. An FBI spokesman confirmed the agency was trying to trace the author of the attacking software.