Rosemary Hardin, a spokeswoman for the Salem, Ore.-based agency, said the malware was discovered on the worker's desktop computer on May 15, after the worker was fired for violating departmental policies that forbid inappropriate Web surfing at work. The Trojan horse was found after IT workers investigated performance problems with the computer. The worker is not being identified by the agency.

An investigation by agency security personnel and the Oregon State Police found that the malicious program was designed to capture keystrokes on the former employee's computer, Hardin said. The employee was an entry-level worker who was assigned to entering taxpayer name and address changes, as well as some Social Security numbers. "We know that the information that the Trojan gathered up was transmitted outside of the agency" to an unrelated Web site. The incident is still under investigation.

Officials at the Department of Revenue don't know whether any of the transmitted information was ever received, she said. None of the information included income tax or banking information for the affected taxpayers.

The Trojan horse was apparently included in a video download or some other similar file saved on the computer by the former employee. "This individual was surfing pornographic sites and other inappropriate sites," she said. The department uses Web blocking software, but the former worker was apparently able to access a porn site that had not yet been blocked by the software, she said.

Internet usage is monitored on a random basis for all 1,000 of the agency's employees, Hardin said, but workers at that time were allowed to conduct personal Web business, such as checking their banking or personal e-mail accounts, during lunch and other breaks. Since the incident, however, workers are no longer permitted to conduct any personal business on agency computers while at work. "We've changed our policy for now to prohibit personal use because we want to minimize the risk of this ever happening again."