Now that Windows 10 is out and about, many consumers who “reserved” a spot in the rollout may be disappointed that their copy of the new OS wasn’t available on day one. According to Microsoft, the wait could range from days to weeks. The Windows 10 notification app that resides in the system tray will presumably notify the customer when the update is downloaded and ready to install.
That said, hackers are taking advantage of the Windows 10 wait by sending out emails with ransomware. The email looks legit to the naked eye, with a Microsoft-based color theme and a “from” address field showing an “update” address at Microsoft dot com. However, a closer look at the IP address the email was sent from shows that the message originates from Thailand, not Redmond.
“There are a couple of red flags associated with the text of the email,” writes Cisco in its latest security blog. “As you can see below, there are several characters that don’t parse properly. This could be due to the targeted audience, a demographic using a non-standard character set, or the character set the adversaries were using to craft the email.”
The malicious email contains a ZIP file that must be downloaded and extracted by the user. Inside the ZIP is an executable disguised as a Windows 10 update file; it is actually CTB-Locker, a ransomware variant that encrypts the user’s personal files. The infected consumer must fork out money to the hacker within 96 hours or the files will stay encrypted forever.
“Currently, Talos is detecting the ransomware being delivered to users at a high rate,” Cisco reports. “Whether it is via spam messages or exploit kits, adversaries are dropping a huge amount of different variants of ransomware. The functionality is standard however, using asymmetric encryption that allows the adversaries to encrypt the user’s files without having the decryption key reside on the infected system.”
Cisco suggests that consumers back up their data and store the files offline. Of course, customers should also avoid downloading attachments from unknown sources, although in this case the email looks like a legit message from Microsoft. Customers should also keep their security solutions up-to-date.
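The two traits described above, a Microsoft dot com “from” address on mail that arrived from an unrelated host and a ZIP attachment carrying an executable, can be checked mechanically before a message reaches an inbox. The sketch below is an added example, not code from Cisco or Microsoft; the sample message, host names, file names and the 203.0.113.45 address are constructed, and the host comparison is a heuristic that does not replace SPF, DKIM and DMARC validation.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")

def build_sample() -> bytes:
    """Constructed message: spoofed From plus a ZIP holding an .exe-named file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Win10Installer.exe", b"constructed placeholder, not a binary")
    msg = EmailMessage()
    # 203.0.113.45 is a documentation-range address, not a real indicator.
    msg["Received"] = ("from mail.example.net (mail.example.net [203.0.113.45]) "
                       "by mx.example.org")
    msg["From"] = "Microsoft <update@microsoft.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Windows 10 update (constructed sample)"
    msg.set_content("Please install the attached update.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Win10Installer.zip")
    return msg.as_bytes()

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    from_domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    # Assumption: the topmost Received header was written by our own border MX,
    # so the connecting host/IP in it was not supplied by the sender.
    received = msg.get_all("Received", [])
    m = re.search(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]",
                  str(received[0]) if received else "", re.S)
    host, ip = (m.group(1).lower(), m.group(2)) if m else (None, None)
    flags = []
    if host and host != from_domain and not host.endswith("." + from_domain):
        flags.append("origin host not under From domain")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                flags += [f"executable in ZIP: {n}" for n in zf.namelist()
                          if n.lower().endswith(EXECUTABLE_EXT)]
    return {"from_domain": from_domain, "origin_ip": ip, "flags": flags}

if __name__ == "__main__":
    print(triage(build_sample()))
```

The returned `origin_ip` is the value to look up when checking where the message actually came from.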
For those not wanting to wait in line for Windows 10, Microsoft offers a tool for creating a bootable USB drive. Customers can run the executable within the Windows 7/8.1 environment or boot into the installer. As far as we know, Microsoft will not send an email stating that the platform is ready to be installed.
From maximumpc
from http://bit.ly/1UkT0ZI