I received the following email from my ISP, the IP belongs to the tor exit node. I am wondering if the DHS is sending it out to all tor exit nodes?

We received a notice from Homeland Security that a device using your current IP address is infected the Avalanche Malware. The full details are below. Please run antivirus and network security software on all your devices immediately.

Thank you,

ISP

A trusted third party notified the Department of Homeland Security United States National Cybersecurity & Communications Integration Center (NCCIC) that one or more machines on your network was infected with malware associated with the Avalanche botnet infrastructure during December 2016. Avalanche is a large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns and money mule schemes.
A system infected with Avalanche associated malware may be subject to malicious activity including the theft of user credentials and other sensitive data, such as banking and credit card information. Some of the malware has the capability to encrypt user files and demand a ransom be paid by the victim to regain access to those files. In addition, the malware may allow criminals unauthorized remote access to the infected computer. Infected systems could be used to conduct distributed denial-of-service (DDoS) attacks. For additional information, please see the following US-CERT Technical Alert (TA16-336A): https://www.us-cert.gov/ncas/alerts/TA16-336A