[ISN] Hundreds of law enforcement, media outlets receive computer virus from forged State Department e-mail address

From: InfoSec News (isnat_private)
Date: Wed May 22 2002 - 01:43:52 PDT

    [I will say that I did get several copies of the mail/virus mentioned 
    below, and unlike the teeming hundreds that have sent out the Klez 
    virus to addresses here, the State Department sent out an apology note 
    for the virus, which is a first in my book.  - WK]

    May. 21, 2002

    WASHINGTON (AP) - The State Department's e-mail identity was forged by 
    a computer virus that sent itself to law enforcement and media outlets 
    across the country, a department official said Tuesday.

    Variants of the virus, called Klez, have been spreading since the late 
    1990s and are transmitted through e-mails and attachments. Klez does 
    not destroy computer files but can clog up mail systems and corporate 

    Saturday, the virus sent hundreds of e-mails with the return address 
    of the State Department's public affairs office, said a State 
    Department official, speaking on the condition of anonymity.

    A computer is infected with Klez the moment a computer user opens an 
    e-mail attachment containing the virus.

    Once loose, the virus seeks out and copies e-mail identities stored in 
    the computer user's programs. The virus spreads by sending itself to 
    the addresses contained on stolen "listservs," or electronic mailing 

    The virus could have gained a copy of the State Department's listserv 
    from any computer it infected on which a user had received an e-mail 
    from the department. It may have infected a computer at the State 
    Department, the State official said.

    The process is called "spoofing" by Internet hackers.

    "The virus would never had to have had access to a single State 
    Department computer to have spoofed the address," said Steve 
    Trilling, senior director of research at the Internet security firm 
    Symantec. "It's like tacking on a false return address on a letter 
    and sending it to someone who is used to receiving mail from that 
    address. They are much more likely to open it than if it came from a 

    The State Department sent an apology to those who received the e-mail.

    ISN is currently hosted by Attrition.org