By: Christopher Newton, Associated Press Writer
(AP) The State Department’s e-mail identity was forged by a computer virus that sent itself to law enforcement and media outlets across the country, a department official said Tuesday.
Variants of the virus, called Klez, have been spreading since the late 1990s and are transmitted through e-mails and attachments. Klez does not destroy computer files but can clog up mail systems and corporate networks.
Saturday, the virus sent hundreds of e-mails with the return address of the State Department’s public affairs office, said a State Department official, speaking on the condition of anonymity.
A computer is infected with Klez the moment a computer user opens an e-mail attachment containing the virus. Once loose, the virus seeks out and copies e-mail identities stored in the computer user’s programs. The virus spreads by sending itself to the addresses contained on stolen “listservs,” or electronic mailing lists.
The virus could have gained a copy of the State Department’s listserv from any computer it infected on which a user had received an e-mail from the department. It may have infected a computer at the State Department, the State official said.
The process is called “spoofing” by Internet hackers.
“The virus would never had to have had access to a single State Department computer to have spoofed the address,” said Steve Trilling, senior director of research at the Internet security firm Symantec. “It’s like tacking on a false return address on a letter and sending it to someone who is used to receiving mail from that address. They are much more likely to open it than if it came from a stranger.”
The State Department sent an apology to those who received the e-mail.