With the highly publicized release of Microsoft’s Windows 10 on July 29th, scammers and malware developers were quick to jump in and use it as a method of distributing malware. Cisco’s Talos Group has discovered an email campaign underway that pretends to be from Microsoft and contains an attachment that will supposedly allow you to upgrade to Windows 10. In reality, though, this email is fake and once you double-click on the attached file, you will instead become infected with the encrypting ransomware CTB-Locker.
Image of fake Windows Update Email courtesy of Cisco
As you can see, the email pretends to be from the email address firstname.lastname@example.org and contains the subject Windows 10 Free Update. Even the email message looks legitimate with no spelling mistakes or strange grammar. This is because the content is copied directly from Microsoft’s site. The only tell-tale sign is that there will be some characters that do not render properly. Unfortunately, this small sign will not be enough for many people to notice.
Furthermore, once they download the attachment and extract it, the attached Win10Installer.exe icon will be the familiar Windows 10 logo.
It isn’t until you inspect the file properties of the attachment that you see something is not right: its file description will be iMacros Web Automation and the copyright for the program will belong to Ipswitch. Ipswitch is a legitimate company and not the one that released this malware.
Finally, if a user double-clicks on the Win10Installer.exe file, they will not be greeted with the normal Windows 10 upgrade screen. Instead, after a brief delay they will be shown the screen for the CTB-Locker ransomware.
At this point, the computer’s data will be encrypted and there is not much that can be done about it.
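The file-properties check described above can be done from PowerShell without ever launching the attachment. The script below is an added example, not something from Cisco or Microsoft; the function name `Test-InstallerMetadata`, the expected publisher string and the file path are assumptions made for illustration.

```powershell
# Added example: compare what a file claims to be with its embedded version
# resource and its Authenticode signature. Nothing here executes the file.
function Test-InstallerMetadata {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: substring expected in the publisher fields of a genuine
        # Microsoft binary. A substring match is a simplification.
        [string]$ExpectedPublisher = 'Microsoft'
    )

    $file    = Get-Item -LiteralPath $Path -ErrorAction Stop
    $info    = $file.VersionInfo
    $sig     = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $pattern = [regex]::Escape($ExpectedPublisher)
    $findings = @()

    # Version-resource fields can be set to anything by whoever built the file,
    # so a match proves little, but a mismatch (such as an Ipswitch copyright
    # on a "Windows 10 installer") is a clear red flag.
    foreach ($field in 'CompanyName', 'LegalCopyright') {
        $value = $info.$field
        if ([string]::IsNullOrWhiteSpace($value)) {
            $findings += "$field is empty"
        } elseif ($value -notmatch $pattern) {
            $findings += "$field is '$value', expected $ExpectedPublisher"
        }
    }

    # The signature is the stronger check: it has to validate, and the signer
    # has to be the publisher the file claims to come from.
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status is $($sig.Status)"
    } elseif ($sig.SignerCertificate.Subject -notmatch $pattern) {
        $findings += "Signed by '$($sig.SignerCertificate.Subject)'"
    }

    [pscustomobject]@{
        Path            = $file.FullName
        FileDescription = $info.FileDescription
        LegalCopyright  = $info.LegalCopyright
        SignatureStatus = $sig.Status
        Suspicious      = $findings.Count -gt 0
        Findings        = $findings
    }
}

# Assumed path: the extracted attachment in the current directory.
Test-InstallerMetadata -Path '.\Win10Installer.exe' | Format-List
```

Any entry in `Findings` is reason to leave the file unopened and report the email.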
Michael Kuster opened Digital Age Solution in 2005 after managing Information Technology for various government agencies for many years. Before taking on this venture full-time, he operated a web site design and hosting company, KusterNet, for a decade. After being asked by web site customers to manage and maintain their computers, KusterNet became Digital Age Solution.
Mike maintains a hands-on, active role in the management and delivery of service to customers at Digital Age Solution. Rather than sitting behind a desk, he can often be found running cable on telephone poles, fixing computers on-site, and providing one-on-one support to customers.
Mike lives in Walkersville, Maryland with his wife and three children. He actively serves as a volunteer and board member for several non-profits including 4-H, Federated Charities, and the Town of Walkersville.