{"id":72329,"date":"2012-01-13T12:38:56","date_gmt":"2012-01-13T12:38:56","guid":{"rendered":"https:\/\/localhost\/wordpress\/?p=72329"},"modified":"2012-01-13T12:38:56","modified_gmt":"2012-01-13T12:38:56","slug":"phishing-campaign-using-spoofed-us-cert-emails","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/phishing-campaign-using-spoofed-us-cert-emails\/","title":{"rendered":"Phishing Campaign Using Spoofed US-CERT Emails"},"content":{"rendered":"<p>Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable file.<\/p>\n<p>The emails are sent from the spoofed email address <strong>soc@us-cert.gov<\/strong> with the subject line: &#8220;Phishing incident report call number: PH0000003863970&#8221;.<\/p>\n<p>The fake warning claims US-CERT has opened the incident number PH0000007135030 and invites recipients to enquire about updates at &#8220;soc@us-cert.gov&#8221; with the reference PH0000006681938.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/blogarchive.quickheal.com\/uploads\/cert.JPG\" alt=\"\" width=\"518\" height=\"532\" \/><\/p>\n<p>The attached zip file is titled &#8220;US-CERT Operation Center Report {Random value or string}.zip&#8221;.The zip attachment contains an executable file with the name &#8220;US-CERT Operation CENTER Reports.eml.exe&#8221;.<\/p>\n<p>Quick Heal detects this &#8220;US-CERT Operation CENTER Reports.eml.exe&#8221; file as the <strong>TrojanDropper.Injector.bsab<\/strong> trojan, which is used to spy on information mostly related to bank access and transactions.<\/p>\n<p><a href=\"https:\/\/www.quickheal.com\/\">Quick Heal<\/a> advises users to not open the email or any of the attachments and to promptly delete the email from their inbox.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Phishers are using spoofed email addresses from the US Computer Emergency Response Team (US-CERT) to trick recipients into downloading a malicious executable file. The emails are sent from the spoofed email address soc@us-cert.gov with the subject line: &#8220;Phishing incident report call number: PH0000003863970&#8221;. The fake warning claims US-CERT has opened the incident number PH0000007135030 and [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[22,23,49,25,40],"class_list":["post-72329","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-email-malware","tag-fraudulent-email","tag-malware","tag-phishing","tag-trojan"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72329"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=72329"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/72329\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=72329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=72329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=72329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}