The email message below: "Your Atmos Energy Bill is Available online," has a link to a virus or Trojan horse that will infect your Windows computer if you open it. The email message was not sent by US natural gas provider Atmos and was designed to trick the recipients into downloading and opening a malicious Trojan horse file disguised as a Microsoft Word Atmos Energy bill.
The “Your Atmos Energy Bill is Available Online” Virus Email
Subject: Your Atmos Energy Bill is Available online
Your latest Atmos Energy bill is now available to view online.
Click here to find out why natural gas is the best choice for clean and responsible energy use.
Account Number : 1233080900
Bill date: 01/02/2014
Current Charges: $15.70
Total Amount Due: $15.70
Payment Due Date: Due upon receipt
Past Due Date: 01/25/13
To view your most recent bill, please click here. You must log-in to your account or register for an online account to view your statement.
There are many options to pay your bill. Sign up for the Automatic Payment Plan to have your payment automatically deducted from your bank or credit card. Pay electronically online at the Account Center, visit an Authorized
Payment Center or send a check by mail.
Our monthly bill inserts keep you current on natural gas safety information, energy-saving tips, regulatory updates and more. Click here to view the monthly inserts.
Atmos Energy appreciates your business.
EMAIL ADDRESS RESPONSIBILITY
It is the customers responsibility to pay the Atmos Energy bill and to inform Atmos Energy of any address changes (email or street address) so the bill can be delivered promptly.to ensure timely receipt of your bill and other communications, copy this e-mail address into
your approved mailing list, so it is not blocked by your protection software. Atmos Energy respects your e-mail privacy and does not sell or share your address with others.
------
This message was designed to trick the recipients into downloading a malicious file (Trojan horse), by claiming that they can click the links in it to view their recent Atmos bill or find out why natural gas is the best choice for clean and responsible energy use.
If you click anyone of the links, you will be taken to a compromised website that will download a Trojan horse file disguised as a Microsoft Word document Atmos bill to your computer.
The file is NOT an Atmos bill, but Zip or compressed file, which contains one of the Windows malicious executable files:
- AtmosBill_Your_City_Here.exe
- AtmosBill_Sequim_98382.exe
When we scanned these files, the following threats were detected:
- Gen:Variant.Graftor.126406
- TR/Graftor.126406
- Gen:Variant.Graftor.126406
- a variant of Win32/Kryptik.BSGQ
- Gen:Variant.Graftor.126406 (B)
- W32/Kryptik.BSGQ!tr
- Trojan.Win32.Meredrop
- Backdoor.Win32.Androm.bksn
- Gen:Variant.Graftor.126406
- TrojanDownloader:Win32/Kuluoz.D
- PE:Malware.FakeDOC@CV!1.9C3C
Once your computer has become infected with this malicious Trojan horse delivered by the Asprox/Kuluoz botnet, the cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.
Now, if you have already opened the malicious Atmos bill, please do a full scan of your computer with the antivirus software installed on it.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.
Click here for a list of email attachments you should never open, regardless of where they came from.