By David Harley posted 11 Jan 2012 at 01:02PM
There's been a certain amount of excitement in the last day or so about ZeuS-related malware that appears to be sent by US-CERT and also misuses the name of APWG (the Anti-Phishing Working Group) in order to make it look more official and persuade victims to click on the malicious attachment.
I've gone into more detail in an article for SC Magazine's Cybercrime Corner on Retrophitted Retrophish.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow
Author David Harley, We Live Security