Information Security News mailing list archives

Hundreds of law enforcement, media outlets receive computer virus from forged State Department e-mail address


From: InfoSec News <isn () c4i org>
Date: Wed, 22 May 2002 03:43:52 -0500 (CDT)

http://www.siliconvalley.com/mld/siliconvalley/3309078.htm

[I will say that I did get several copies of the mail/virus mentioned 
below, and unlike the teeming hundreds that have sent out the Klez 
virus to addresses here, the State Department sent out an apology note 
for the virus, which is a first in my book.  - WK]


May 21, 2002

WASHINGTON (AP) - The State Department's e-mail identity was forged by 
a computer virus that sent itself to law enforcement and media outlets 
across the country, a department official said Tuesday.

Variants of the virus, called Klez, have been spreading since the late 
1990s and are transmitted through e-mails and attachments. Klez does 
not destroy computer files but can clog up mail systems and corporate 
networks.

Saturday, the virus sent hundreds of e-mails with the return address 
of the State Department's public affairs office, said a State 
Department official, speaking on the condition of anonymity.

A computer is infected with Klez the moment a computer user opens an 
e-mail attachment containing the virus.

Once loose, the virus seeks out and copies e-mail identities stored in 
the computer user's programs. The virus spreads by sending itself to 
the addresses contained on stolen "listservs," or electronic mailing 
lists.

The virus could have gained a copy of the State Department's listserv 
from any computer it infected on which a user had received an e-mail 
from the department. It may have infected a computer at the State 
Department, the State official said.

The process is called "spoofing" by Internet hackers.

"The virus would never had to have had access to a single State 
Department computer to have spoofed the address," said Steve 
Trilling, senior director of research at the Internet security firm 
Symantec. "It's like tacking on a false return address on a letter 
and sending it to someone who is used to receiving mail from that 
address. They are much more likely to open it than if it came from a 
stranger."

The State Department sent an apology to those who received the e-mail.



-
ISN is currently hosted by Attrition.org
