Your Atmos Energy Bill is Available Online – Virus Email

Your Atmos Energy Bill is Available Online – Virus Email

The email message below: "Your Atmos Energy Bill is Available online," has a link to a virus or Trojan horse that will infect your Windows computer if you open it. The email message was not sent by US natural gas provider Atmos and was designed to trick the recipients into downloading and opening a malicious Trojan horse file disguised as a Microsoft Word Atmos Energy bill.

The “Your Atmos Energy Bill is Available Online” Virus Email

Subject: Your Atmos Energy Bill is Available online
Your latest Atmos Energy bill is now available to view online.

Click here to find out why natural gas is the best choice for clean and responsible energy use.

Account Number : 1233080900
Bill date: 01/02/2014
Current Charges: $15.70
Total Amount Due: $15.70
Payment Due Date: Due upon receipt
Past Due Date: 01/25/13

To view your most recent bill, please click here. You must log-in to your account or register for an online account to view your statement.

There are many options to pay your bill. Sign up for the Automatic Payment Plan to have your payment automatically deducted from your bank or credit card. Pay electronically online at the Account Center, visit an Authorized

Payment Center or send a check by mail.

Our monthly bill inserts keep you current on natural gas safety information, energy-saving tips, regulatory updates and more. Click here to view the monthly inserts.

Atmos Energy appreciates your business.


It is the customers responsibility to pay the Atmos Energy bill and to inform Atmos Energy of any address changes (email or street address) so the bill can be delivered ensure timely receipt of your bill and other communications, copy this e-mail address into

your approved mailing list, so it is not blocked by your protection software. Atmos Energy respects your e-mail privacy and does not sell or share your address with others.

This message was designed to trick the recipients into downloading a malicious file (Trojan horse), by claiming that they can click the links in it to view their recent Atmos bill or find out why natural gas is the best choice for clean and responsible energy use.

If you click anyone of the links, you will be taken to a compromised website that will download a Trojan horse file disguised as a Microsoft Word document Atmos bill to your computer.

The file is NOT an Atmos bill, but Zip or compressed file, which contains one of the Windows malicious executable files:

  • AtmosBill_Your_City_Here.exe
  • AtmosBill_Sequim_98382.exe

When we scanned these files, the following threats were detected:

  • Gen:Variant.Graftor.126406
  • TR/Graftor.126406
  • Gen:Variant.Graftor.126406
  • a variant of Win32/Kryptik.BSGQ
  • Gen:Variant.Graftor.126406 (B)
  • W32/Kryptik.BSGQ!tr
  • Trojan.Win32.Meredrop
  • Backdoor.Win32.Androm.bksn
  • Gen:Variant.Graftor.126406
  • TrojanDownloader:Win32/Kuluoz.D
  • PE:Malware.FakeDOC@CV!1.9C3C

Once your computer has become infected with this malicious Trojan horse delivered by the Asprox/Kuluoz botnet, the cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.

Now, if you have already opened the malicious Atmos bill, please do a full scan of your computer with the antivirus software installed on it.

If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.

Never open an attachment that has a name ending with “.exe”, because these are computer programs that can infect your computer with a virus or some other malware.

Click here for a list of email attachments you should never open, regardless of where they came from.

Check the comment section below for additional information, share what you know, or ask a question about this article by leaving a comment below. And, to quickly find answers to your questions, use our search Search engine.

Note: Some of the information in samples on this website may have been impersonated or spoofed.
Was this article helpful?  +
Share this with others:

Comments, Questions, Answers, or Reviews

Comments (Total: 2)

To protect your privacy, please remove sensitive information from your comments, questions, or reviews. We will use your IP address to display your approximate location to other users when you make a post. That location is not enough to find you.

Your post will be set as anonymous because you are not signed in. An anonymous post cannot be edited or deleted, therefore, review it carefully before posting. Sign-in.

The comments, reviews or answers below do not necessarily reflect the views of Online Threat Alerts (OTA).

  • January 8, 2014 at 8:27 PM by info

    <a href="/article/2013/6/6/free-antivirus-software/" target="_blank">Click here for a list of free antivirus software</a>

  • January 8, 2014 at 5:11 PM by an anonymous user from: Newark, New Jersey, United States

    Avast doesn't fix it. It would be great to have the name of some free virus removal software programs that will detect and delete the virus.

Comments Show More Comments (1)

Write Your Comment, Question, Answer, or Review

Your Atmos Energy Bill is Available Online – Virus Email