Nearly two dozen PCs in Japanese government offices found to have Trojan horse viruses

The ministry announced Friday that 22 PCs have been infected.

The incident is similar to recently revealed cyberattacks targeting the country's House of Representatives, the House of Councillors and Foreign Ministry computers.

The viruses found in the internal affairs ministry's PCs are similar to ones found in the other recent cases.

Although the ministry was told of the possibility of infection in mid-September, it did not conduct a full investigation into the matter until late October, when the cyberattacks on other government entities came to light.

The ministry will check PCs used by about 8,000 officials to confirm whether they have been infected and if any government information has been leaked.

According to the ministry, the virus apparently reached the computers via emails that were sent on the morning of July 28. Email subject lines include "Documents released by the (government's) emergency disaster relief headquarters" for the Great East Japan Earthquake.

The sender's name was Japanese and the mail address belonged to a free email service.

The ministry said it is still investigating whether the sender's name was legitimate. It is also checking whether the contents of the attached file were the same as those of documents from the real disaster relief headquarters.

The 22 infected PCs were from about 10 divisions of the ministry, including two local bureaus. After analyzing one PC, the ministry discovered a Trojan horse virus, which allows a person to remotely manipulate a computer.

It is believed an official opened an attached file, resulting in the infection. The infected PCs include one belonging to a senior-level division chief.

The infected PCs were repeatedly accessed by servers in the United States, India and Taiwan, according to the ministry. The most-accessed PC was accessed about 150 times.

The ministry pointed out that information may have been stolen and said it will investigate further.

The ministry said it received a warning from the Cabinet Office's National Information Security Center, which monitors information transmissions of ministries and agencies, on Sept. 13. The NISC informed the ministry there had been failed attempts by ministry computers to access outside sites. The ministry temporarily blocked outside access and conducted checks, but it did not detect viruses and allowed staff to use PCs as usual, the ministry explained.

In late October after the series of cyberattacks on other government entities came to light, the ministry re-examined the situation and asked an information security company to conduct inspections. The company found the infections Wednesday, and the ministry removed the 22 PCs from its network.

An official of the ministry's information system office said, "Even though the viruses were unknown and we couldn't find them, we can't deny the possibility we could have taken countermeasures a little earlier."

(c)2011 The Yomiuri Shimbun (Tokyo)
Distributed by MCT Information Services