Office of Domestic Security
Florida Department of Law Enforcement
STATEWIDE ALERT
CYBER ALERT
INFO-ALERT: DHS themed domains for ZeuS seeding
The groups behind the ZeuS trojan appear to be getting ready to use DHS-themed domains for ZeuS seeding. The following domains were recently created and will probably be used for this next phishing campaign:
DHSinfo[dot]info, which was created on 09-Mar-2010
DHSorg[dot]org, which was created on 11-Mar-2010
GreyLogic[dot]org, which was created on 11-Mar-2010
GreyLogic[dot]info, which was created on 09-Mar-2010
IntelFusion[dot]org, which was created on 12-Mar-2010
IntelFusion[dot]info, which was created on 08-Mar-2010
It is recommended that those domains be put in your spam filter block lists.
Also, in the coming days be on the lookout for emails originating from these domains. Do not click on any links that originate or appear to originate from those domains.
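The following Python example is added here for illustration and is not part of the original alert or any agency tooling. It refangs the listed domains and flags a message whose sender headers or body links use one of them or a subdomain. The function names, the subdomain matching, and the sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators exactly as listed in the alert, kept in defanged form.
ALERT_DOMAINS = """DHSinfo[dot]info DHSorg[dot]org GreyLogic[dot]org
GreyLogic[dot]info IntelFusion[dot]org IntelFusion[dot]info"""

def refang(text):
    """Turn whitespace-separated 'name[dot]tld' items into lowercase domains."""
    return {item.replace("[dot]", ".").lower() for item in text.split()}

BLOCKLIST = refang(ALERT_DOMAINS)
URL_HOST = re.compile(r"https?://([^/\s\"'<>]+)", re.I)

def is_blocked(host):
    """True for a listed domain or any subdomain of one (not look-alike suffixes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def check_message(raw):
    """Return sorted findings: sender headers and body links on the block list."""
    msg = message_from_string(raw)
    hits = set()
    for header in ("From", "Reply-To", "Return-Path"):
        host = parseaddr(msg.get(header, ""))[1].rpartition("@")[2]
        if host and is_blocked(host):
            hits.add(f"{header}: {host.lower()}")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for authority in URL_HOST.findall(body):
            host = authority.rpartition("@")[2].split(":")[0]  # drop userinfo, port
            if is_blocked(host):
                hits.add(f"URL: {host.lower()}")
    return sorted(hits)

# Constructed sample message (not from the alert); refanged only at run time.
SAMPLE = """From: "DHS Notice" <alerts@mail.DHSinfo[dot]info>
Reply-To: help@example.com
Subject: Security update

Review http://www.IntelFusion[dot]org/report and http://example.com/ok
""".replace("[dot]", ".")

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print(finding)
```

Matching on the header address alone does not catch a message that only uses a DHS-sounding display name, so the link check and user awareness remain necessary.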
The following best practices are recommended:
(1) Do NOT trust unsolicited email.
(2) Do NOT click links and attachments in unsolicited email messages.
(3) Review antivirus software specific removal guidelines for the malware.
(4) Keep systems up-to-date with the latest patches and antivirus signatures.
(5) Implement URL filtering.
(6) Use a spam filter.
(7) To educate users about social engineering and phishing attacks, review US-CERT Cyber Security Tip ST04-014, "Avoiding Social Engineering and Phishing Attacks."
(8) Users should refrain from or be administratively prohibited from browsing the Internet using Windows accounts with Administrator level privileges.
For more information:
http://www.us-cert.gov/cas/tips/ST04-014.html
Devin R. King
Office of Information Technology
225.925.6437 || 225.219.7546
NOTE: This alert is intended for government entities in an effort to identify system-related announcements (system exploits, vulnerabilities, virus attacks, etc.). The information is obtained from several sources including the DHS/US-CERT, SANS and the vendor community. Office of Information Technology (OIT) security personnel do not validate the information. In each instance we will attempt to provide a specific address relative to the problem and the corresponding patch or fix. It is the responsibility of each government entity to determine if these patches or fixes would be applicable to their respective environments.





