WARNING: Fake Windows 10 Upgrade Email

Something I have learned over the years: Microsoft is never going to offer you something via email, and if it looks fishy, it is! There is now a ransomware email going around, originating from Thailand (with the address update@microsoft.com), claiming to be from Microsoft with a Windows 10 installer already attached (how handy!). The first red flag should be getting an unsolicited email from Microsoft, much less one WITH an attachment. Windows Insider Program participants will get emails from Microsoft, but those will not have attachments. Next, there is an encoding issue with the email (likely since it originated from Thailand), though overall it is a lot better put together than other fake emails out there. Finally, there is a message claiming the files have been cleared as virus-free by MailScanner, which is an open source email security system. Microsoft would be using its own email scanner, not a 3rd party.
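The three red flags above can be checked mechanically on a mail gateway or during triage. The following Python sketch is an added example, not something from the original post or from Microsoft; the sample message, the attachment name and the flag labels are constructed for illustration, and "encoding issue" is assumed to mean bytes that do not decode in the part's declared charset.

```python
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample modelled on the description above (not the real email).
# "=96" is a stray Windows-1252 dash inside a part that declares UTF-8.
SAMPLE = (
    b"From: Microsoft <update@microsoft.com>\r\n"
    b"To: user@example.com\r\n"
    b"Subject: Windows 10 Free Upgrade\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b'Content-Type: text/plain; charset="utf-8"\r\n'
    b"Content-Transfer-Encoding: quoted-printable\r\n"
    b"\r\n"
    b"Your upgrade is attached =96 install it today.\r\n"
    b"This message has been scanned for viruses by MailScanner.\r\n"
    b"--b1\r\n"
    b'Content-Type: application/zip; name="installer.zip"\r\n'
    b'Content-Disposition: attachment; filename="installer.zip"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"AAAA\r\n"  # placeholder bytes, not a real archive
    b"--b1--\r\n"
)

def red_flags(raw: bytes) -> list[str]:
    """Return the red flags from the post that apply to a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    flags = []
    # The From header is trivially forged, so it is only read as a claim.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    attachments = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    # Flag 1: claims to be Microsoft and carries an attachment.
    if sender.endswith("@microsoft.com") and attachments:
        flags.append("microsoft-sender-with-attachment")
    # Collect the visible text; get_content() decodes with errors="replace",
    # so undecodable bytes surface as U+FFFD.
    text = ""
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            text += part.get_content()
    # Flag 2: body bytes that do not match the declared charset.
    if "\ufffd" in text:
        flags.append("encoding-damage")
    # Flag 3: a "scanned by MailScanner" claim in mail said to be from Microsoft.
    if "mailscanner" in text.lower():
        flags.append("third-party-scanner-claim")
    return flags

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

None of these flags proves a message is malicious on its own; together they are a reason to quarantine the attachment rather than deliver it.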

Fake Windows 10 Upgrade Ransomware Email

Keep in mind that if you do get this email, the message itself is harmless; it is the attachment that contains the ransomware. As long as you don’t open the attachment, you are safe. As a rule of thumb, you shouldn’t open attachments in unsolicited emails. If you do open the attachment, you’ve got major problems (besides not getting Windows 10):

The ransomware is also unusual in a number of ways. It asks for the customary decryption charge in Bitcoin but only gives the user 96 hours to respond, which is a shorter window than is typical of similar malware. It also wants victims to respond via a Tor connection and provides instructions on how to use the protocol.

Williams also said the malware was “unusually chatty”, sending back large amounts of data to command and control servers via hard-coded IP addresses. He speculated this could mean the malware is mining a victim’s files for stuff that looks useful.

via The Register