Wait, STOP – Are you installing Windows 10 or ransomware?


Userlevel 7

This one will be an 'absolute **bleep**,' say security bods

31 Jul 2015 at 22:09, Iain Thomson
 
Cisco's security team has noticed a new spamming campaign attempting to spread the CTB-Locker ransomware using emails purporting to come from Microsoft, telling people they are ready to download Windows 10.
 
The emails mimic the actual Windows 10 messages Redmond is sending out (with some minor text mistakes) and have spoofed the originating address to read as update@microsoft.com, although the sender's IP address can be traced back to Thailand. There's also a Microsoft disclaimer, and a message claiming the files have been cleared as virus-free by Mailscanner.
 

Not a bad spoof email, but not a great one either
 

11 replies

Userlevel 7
Sorry to say but...I have been waiting for this one and all I can say is what took them so long (just goes to show what a cynic I am in my dotage). At every, but I mean every opportunity, there will be some miscreant ready and waiting to try to take advantage of innocent people...and no doubt they will succeed in making some poor people's life a misery as a result.
 
I really think that the nations of the world should come together under, say, the United Nations banner and seek to root out these **bleep** once and for all.
 
:@
 
 
Userlevel 7
I agree, they never miss a chance do they but they are a bit later this time.
Userlevel 7
By  David Ndichu Published  August 2, 2015
Caution is urged as scammers try to take advantage of the recent Windows 10 launch to have eager but unsuspecting PC users download ransomware onto their PCs.
According to Cisco, cyber criminals are impersonating Microsoft in an attempt to exploit their user base for monetary gain. They are doing this by spoofing the email to look like it is coming directly from Microsoft (update@microsoft.com). The email purports to contain the installer package for Windows 10. The attackers are even using a similar colour scheme to the one used by Microsoft.
Cisco experts have been able to unmask the attackers, establishing that the message actually originated from IP address space allocated to Thailand.
Once a user opens the email, downloads the attached zip file, extracts it, and runs the executable, they get a message informing them that their PC has been infected and their files encrypted by CTB-Locker. They are then told to pay a certain amount of money within 96 hours to have their files decrypted or they lose them forever.
 
Userlevel 6
@ wrote:
I agree, they never miss a chance do they but they are a bit later this time.
It's summer and holidays time;)
Userlevel 6
QUESTION : Are we correctly protected against this by Webroot ?
Userlevel 7
Hi Asklepios
 
Let's be sensible here...the best protection in relation to this is common sense. There is only so much that security software can do and to fully protect against this you would have to lock down your system to such an extent it would be tedious to use.
 
No, if you go ahead and proceed with falling for the con then whilst WSA can do something to protect you it cannot do all things required...a measure of protection needs to come from the good sense of the user confronted with the scam.
 
Regards, Baldrick
Userlevel 6
Hi Baldrick
Of course, you are right;)
Userlevel 7
Hi Asklepios
 
Kind of you to say so but I would say I am 'wise' due to my advancing years rather than correct, and even the 'wise' can get caught out if not vigilant/sensible.;)
 
Regards, Baldrick
Userlevel 7
On Friday, Cisco's Talos Group has spotted an email campaign impersonating Microsoft, offering potential victims an attachment that is supposedly a Windows 10 installer:

http://www.net-security.org/images/articles/win10-03082015-small.jpg

Even though the email contains several characters that don’t parse properly, the fact that the email seems to come from a legitimate-looking email address (update@microsoft.com), uses a color scheme and disclaimer similar to the one used by Microsoft, and contains an indication that the message attachment has been scanned by an antivirus solution, will likely fool many into downloading and running the attached file.
 
Userlevel 6
Upgrade to windows 10 now!
 
734KB
 
lol
Userlevel 7
At this point in time one has to be cautious when downloading Windows 10: a lot of scammers out there.
