Particularly compromised was the U.S. Consulate General for St. Petersburg. By the time Sophos researchers checked the site, the infection had been eradicated, but a review of archived pages revealed the malicious code.
As of Thursday, Sophos customers were still being blocked from accessing the St. Petersburg consulate Web server, which is hosted on the stpetersburg.usconsulate.gov and www.stpetersburg-usconsulate.ru domains.
Sophos said the hackers were probably seeking out any vulnerable sites and happened upon the State Dept. sites.
"The malware writer was looking for vulnerable sites and happened upon that site," a researcher said. "It was a malware that allowed for remote access and it also attempted to download additional malware from a remote server."
Another State site in Russia, the Moscow embassy's site, is associated with emails disseminating viruses, according to McAfee's SiteAdvisor.
"After entering our e-mail address on this site ... we received two e-mails that contained a virus," McAfee said in the alert.