One variant is harmless, but others, more dangerous ones, may exist

Jan 13, 2012 08:56 GMT  ·  By

Emails that pretend to come from New York-based energy company ConEdison, informing recipients that their latest bill is attached, actually hide a dangerous variant of the Zbot malware.

M86 Security Labs inform that the email bears the subject “Billing-Summary-ConEdison as of <Date>” and the attachment that comes in the form of a zip archive contains an executable file that hides the malicious Trojan.

Fortunately, the file’s icon isn’t changed to make it look more innocent which means that recipients can immediately tell that the so-called bill is actually an executable.

This particular variant, found by security experts, can’t communicate with its C&C server because it was taken down and half of the antivirus vendors present on VirusTotal detect the attachment as being malicious.

However, users are advised to be on the lookout for these emails and ignore them as much as possible.