Last updated: December 11, 2012
First published: December 11, 2012
Article written by Brett M. Christensen
Subject: Approved Payment Receipt
Australian Power & Gas Payment Receipt
We have recently received a credit card payment from you, for your Australian Power & Gas account. This payment has been successfully processed and receipt details are shown below in the attached file.
Payment Time: Tue, 11 Dec 2012 07:43:54 +0900
Reference One: 2404390362
Reference Two: 01600833
Payment Receipt Number : 3530928186
Note: This payment will appear on your credit card statement with the merchant reference `Australian Power & Gas`.
The team at Australian Power & Gas
Message includes an attached file named: Australian PowerGas_ReceiptDetails [string of numbers].zip
The .zip file contained the payload "Details.pdf.exe".
This email, which purports to be from energy company Australian Power & Gas, contains information about a supposed credit card transaction for an account payment. The message claims that users can open an attached file to read full details of the transaction.
However, the email is not from Australian Power & Gas and the attached file does not contain a transaction record as claimed. The attachment actually consists of a .zip file that contains malware. Unzipping the attached file reveals a malicious .exe file. In an effort to fool people into believing that the file is a harmless PDF, it has been given the double extension .pdf.exe. If users open this .exe file, the malware will be installed. Typically, such malware can make contact with remote servers controlled by criminals, harvest sensitive information from the compromised computer and download further malware.
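The double-extension disguise described above can be caught at a mail gateway before the recipient ever unzips the attachment. The Python sketch below is an added example, not part of the original article; the function names and the two extension lists are assumptions chosen for illustration, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile

# Assumed lists for illustration; tune them for your own mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def disguised_executables(zip_bytes):
    """Return archive member names whose executable extension hides behind a document one."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Look only at the file name, whichever path separator the archiver used.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows drops trailing dots and spaces, so ignore them when parsing.
            base = base.rstrip(". ").lower()
            # Padding spaces before the real extension ("a.pdf    .exe") are stripped too.
            exts = ["." + part.strip() for part in base.split(".")[1:]]
            if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS:
                flagged.append(info.filename)
    return flagged


def build_sample_zip(names):
    """Build an in-memory zip of placeholder files (constructed test data, no real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder content, not an executable")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(
        ["Details.pdf.exe", "invoice.pdf", "docs/Receipt.PDF   .EXE", "setup.exe"]
    )
    for member in disguised_executables(sample):
        print("Quarantine attachment, disguised executable inside:", member)
```

A plain `setup.exe` is deliberately not flagged by this check, since it does not pretend to be a document; many gateways block executables inside archives outright as a separate rule.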
Australian Power & Gas has warned customers about the malicious emails via a post on its Facebook Page:
We are aware some customers and non-customers have received a fake email claiming to be from us, with a payment receipt and an attached zip file. These e-mails are NOT from Australian Power & Gas. We advise you NOT to open any attachment in those emails as they may contain a virus.
Please delete the email and be assured your personal account details have not been compromised.
If you receive one of these bogus emails, do not open any attachments or click any links that it may contain.