Phishers are spoofing email addresses belonging to US-CERT, an arm of the Department of Homeland Security that coordinates information sharing related to cyber threats, to trick users into installing malware. According to an alert
Tuesday, a campaign is currently underway that targets a number of private and government organizations. The messages contain a .zip attachment, "US-CERT Operation Center Report," which is actually a malicious executable file. The alert recommends that recipients immediately delete the socially engineered emails.