On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments.
US-CERT advises that users do not open the email or any of the attachments and promptly delete the email from their inboxes.
Reports indicate that SOC@US-CERT.GOV is the primary email address being spoofed but other invalid email addresses are also being used.
The subject of the phishing email is: “Phishing incident report call number: PH000000XXXXXXX” with the “X” containing an incident report number that varies.
The attached zip file is titled “US-CERT Operation Center Report XXXXXXX.zip”, with “X” indicating a random value or string. The zip attachment contains an executable file with the name “US-CERT Operation CENTER Reports.eml.exe”, which is a variant of the Zeus/Zbot Trojan known as Ice-IX.
US-CERT encourages users to do the following to reduce the risks associated with this and other phishing campaigns.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-3502 TrueConf Client…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.