US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.
US-CERT encourages users and administrators to take the following measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Refer to Cyber Security Tip ST04-014 - Avoiding Social Engineering and Phishing Attacks
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.