Beware of Windows 10 scam
With 14 million users and counting, those who haven’t gotten their Windows 10 update are understandably jumpy about missing out on Microsoft’s latest edition of their popular operating system. However, be careful: there are emails circulating that try to scam the public. The email appears to come from an official Microsoft address, update@microsoft.com, which adds to its apparent authenticity, but don’t be fooled: Microsoft isn’t going to send you an email with Windows 10 as the attachment.
The email is pretty obviously fake, as certain characters in it don’t render properly. A company like Microsoft would make sure its email displays perfectly on any device. If you were to ignore all of these signs, download the attached .zip file, extract the software and run the executable anyway, you would immediately find your computer locked by a ransomware variant called CTB-Locker. Here’s what it looks like:
The payload is CTB-Locker, a ransomware variant. Currently, Talos (Cisco) is detecting the ransomware being delivered to users at a high rate. Whether it is via spam messages or exploit kits, adversaries are dropping a huge number of different ransomware variants. The functionality is standard, however: it uses asymmetric encryption, which lets the adversaries encrypt the user’s files without the decryption key ever residing on the infected system. Also, by using Tor and Bitcoin they are able to remain anonymous and quickly profit from their malware campaigns with minimal risk.
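The two warning signs the article points to, a spoofed From address and a .zip attachment hiding an executable, are exactly what a mail gateway can triage automatically. The script below is an added example (not code from the article, Pokde or Cisco Talos) that builds a constructed message mimicking the lure described above, then checks whether the claimed From domain appears anywhere in the Received delivery path and whether any attachment is, or contains, an executable. The sender check is a heuristic stand-in for SPF/DKIM/DMARC verification, which is what a real filter should rely on; the hostnames, addresses and file names are all made up for the example.

```python
"""Heuristic triage for a 'free Windows 10 upgrade' lure (added example, not from the page)."""
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Optional

# File extensions Windows executes directly when a user double-clicks them
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".msi"}


def has_executable_extension(name: str) -> bool:
    return os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS


def build_message(from_header: str, received: str, zip_member: Optional[str]) -> bytes:
    """Construct a sample message (constructed test data, not a real capture).

    zip_member: name of a file to place inside an attached .zip, or None for no attachment.
    """
    msg = EmailMessage()
    msg["From"] = from_header
    msg["To"] = "user@example.com"
    msg["Subject"] = "Windows 10 Free Upgrade"
    msg["Received"] = received
    msg.set_content("Your free Windows 10 upgrade is attached. Run the installer to begin.")
    if zip_member is not None:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(zip_member, b"MZ placeholder, not a real program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="Win10Installer.zip")
    return bytes(msg)


def build_sample_message() -> bytes:
    """The lure described in the article: spoofed update@microsoft.com, zip holding an .exe."""
    return build_message(
        "Microsoft Update <update@microsoft.com>",
        # Constructed hop: the relay that handed the mail over is not a microsoft.com host
        "from mail.example.net (mail.example.net [192.0.2.10]) by mx.example.com",
        "Win10Installer.exe",
    )


def build_benign_message() -> bytes:
    """Plain mail whose claimed sender domain matches its delivery path, no attachment."""
    return build_message(
        "Alice <alice@example.net>",
        "from mail.example.net (mail.example.net [192.0.2.10]) by mx.example.com",
        None,
    )


def claimed_domain(msg) -> str:
    """Lower-cased domain of the first From address, or '' if there is none."""
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return ""
    return hdr.addresses[0].domain.lower()


def analyze_message(raw: bytes) -> dict:
    """Return {'verdict': 'deliver' | 'quarantine', 'findings': [reasons]}."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Sender check: does the domain the From header claims show up in any Received hop?
    #    Heuristic only; a production gateway verifies SPF/DKIM/DMARC instead.
    domain = claimed_domain(msg)
    hops = [str(h).lower() for h in msg.get_all("Received", [])]
    if domain and not any(domain in hop for hop in hops):
        findings.append(f"From claims {domain} but no Received hop mentions that domain")

    # 2. Attachment check: executables attached directly or wrapped in a zip archive
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if has_executable_extension(name):
            findings.append(f"executable attachment: {name}")
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if has_executable_extension(member):
                        findings.append(f"archive {name} contains executable: {member}")

    return {"verdict": "quarantine" if findings else "deliver", "findings": findings}


if __name__ == "__main__":
    for label, raw in (("scam", build_sample_message()), ("benign", build_benign_message())):
        result = analyze_message(raw)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run stand-alone, the constructed scam message is quarantined on both counts (claimed microsoft.com sender absent from the delivery path, archive containing Win10Installer.exe), while the benign message is delivered with no findings. The archive inspection stops at one level on purpose; nested archives and password-protected zips, which attackers use precisely to defeat this kind of scan, need a sandbox or a policy that blocks them outright.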
Pokdepinion: Windows 10 is a welcome improvement over Windows 8.1, but nothing worth getting scammed over. If you can’t wait for Windows Update to deliver the upgrade for you, you can use the Media Creation Tool to download the ISO or just the update. Have fun with Windows 10!
I think the key takeaway here is to always be careful of attachments.
In this case, the title is a Windows upgrade for free offer.
One would assume that if this is a free upgrade, then the email receiver must be using Win7 / Win8. Also, since the email is received from Microsoft, the OS installed should be legit, since Microsoft would only have contact information for legit Windows buyers who have a Microsoft Live account.
Using that logic, it would be weird for Microsoft to be sending an update via email while it already has Windows Update, which serves the same function.
Thus, one shouldn’t try to download the attachment, since it is dubious and weird.