There's been a certain amount of excitement in the last day or so about ZeuS-related malware that appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group) in order to make it look more official and persuade victims to click on the malicious attachment.
I've gone into more detail in an article for SC Magazine's Cybercrime Corner on Retrophitted Retrophish.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
