Hackers are at it again, exploiting the release of Microsoft Windows 10. They’re always looking for a way to hack into your computer system or network to compromise it in some way.  This security bulletin outlines the Cryptolocker malware being spread through free Windows 10 upgrade Phishing emails.  Cisco discovered and reported on hackers hiding Cryptolocker type infections within phishing emails allegedly from Microsoft offering a free upgrade to Windows10 (released on July 29th by Microsoft).[1]

WHAT TO LOOK FOR:Bulletin-Warning

While the upgrade for many home and business users to Windows 10 is in fact free, the emails in question are NOT coming from Microsoft.  Here’s what to look out for:

  1. Email headers show email actually came from an IP address in Thailand.
  2. The character set used by the hackers rendered poorly in the US (see red circles below).
  3. The color scheme is similar but not exactly like Microsoft’s.
  4. The email says it was scanned by MailScanner, giving a false sense of security in trusting the email message.

Bulletin

TOUGH TO CATCH… HERE ARE THE DEAD GIVEAWAYS:

Most users could not be faulted for missing the above clues.  However there are two dead giveaway’s to be aware of:

  • Microsoft will not email you a ZIP attachment for an executable install file. It will link you to their website where you can validate the URL properly (Hint: always validate the site certificate).
  • The launched executable install file is not signed by Microsoft and a warning message pops up alerting unsuspecting users of the issue. See the Big red squares below!

Bulletin-1

WHAT TO DO:

This part is easy.  Cancel the installation immediately and delete the offending email. In the current malware reported by Cisco, you’ll have fortunately avoided a Cryptolocker infection. With other malware you might already have infected yourself because the malicious executable might have already done its harm and you never came to the Open File Security screen shot.

As a best practice, always check for signed software when installing anything on your machine!  Very few companies do not sign their installation executables and Microsoft certainly does.

RECOMMENDED SECURITY BEST PRACTICES:

  1.  Never open Zip File attachments you receive unexpectedly.  Delete it or verify with the sender if you must before launching anything.
  2. When installing software you want, validate the signature is signed by the software vendor.
  3. Always be on the look-out for anonymous emails (Dear Customer), spelling mistakes, poor grammar, suspicious email senders, hidden URL links to the wrong website and you’ll hopefully avoid phishing scams like this!

[1] http://blogs.cisco.com/security/talos/ctb-locker-win10