Hoax-Slayer

PG & E Energy Statement Malware Emails

Outline
Emails purporting to be from US energy service provider PG & E notify recipients that their most recent energy statement can be viewed by following a link.


Brief Analysis
The emails are not from PG & E. The link opens a compromised website that harbours malware. If installed, this malware can connect the infected computer to a botnet and download further malware. Subject lines and other details in the malware emails may vary.

Example

Subject: Gas and Electric Usage Statement

Account No: 138475201-6
PG & E ENERGY STATEMENT                                
Statement Date: 01/10/2014
Due Date: 02/01/2014
 
Your Account Summary

Amount Due on Previous Statement: $344.70
Payment(s) Recieved Since Last Statement: 0.0
Previous Unpaid Balance: $344.70
Current Electric Charges: $165.80
Current Gas Charges: 49.20

To view your most recent statement, please click here
You must log-in to your account or register for an online account to view your statement.

Total Amount Due BY 02/01/2014 $559.7




Detailed Analysis
Fraudulent emails claiming to be from US energy provider Pacific Gas and Electric (PG & E) are currently being distributed.  The fake emails notify users that their most recent energy statement is available and can be viewed by following a link.  The messages include what is supposed to be a breakdown of the user's current bill.




The emails are not from PG & E as claimed. Clicking the link in the emails takes users to a compromised website that contains the Kuluoz malware.  Kuluoz can add the infected computer to the Asprox botnet. It may also download and install further malware.

Subject lines in the emails may vary. While some may have the subject line shown in the above example, others may have the subject "Delivery Canceling". Other details in the emails may also vary in different versions.

This campaign is very similar to another recent malware attack that claimed that the recipient's Atmos energy bill could be viewed by clicking a link. Again, the link opened a website that contained Kuluoz.

If you receive one of these emails, do not click on any links or open any attachments that it may contain.


Last updated: January 14, 2014
First published: January 14, 2014
By Brett M. Christensen

© Brett M.Christensen, 2014. All Rights Reserved.
