Windows users, beware: This fake update could lock up your PC, or worse

CNET Technology 3 weeks ago

With the end of support for Windows 7 coming in January, many users are looking to update to Windows 10 to continue getting security updates and support from Microsoft. According to a Tuesday report from security firm Trustwave, attackers are well aware of this and are targeting Microsoft users with fake Windows update emails that will infect computers with ransomware -- an especially sinister type of malware that locks up valuable data on your computer, and demands that you pay a ransom to release it or your data will be destroyed. 

The spammers are sending some Windows users emails with subject lines "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!" The emails, which claim to be from Microsoft, include one sentence in the message body, which starts with two capital letters, Trustwave found. They ask recipients to click an attachment to download the "latest critical update." 


The attachment has a .jpg file extension, but is actually a malicious .NET downloader, which will deliver malware to your machine. The ransomware, called bitcoingenerator.exe, encrypts the recipient's files, and leaves a ransom note titled "Cyborg_DECRYPT.txt" on their desktop, asking for $500 in bitcoin to unlock the files. 


The ransomware came from a Github account, which was active during Trustwave's investigation but has since been removed, the firm noted. Still, this form of ransomware can be created and spread by anyone who gets hold of the builder, attaching it to different types of emails to get through spam filters. 

Most ransomware attacks come in through email, so users should be wary of opening any email attachment or link from an unknown sender, even if it seems to be from a reputable company (hackers impersonate Microsoft more than any other brand when sending spam emails, a May report from Vade Secure found). Misspelled words or poor formatting are often clues of an attack. 

"This is a very common type of phishing attack -- where the attacker tries to convince the target to open a malicious attachment," Karl Sigler, threat intelligence manager of Trustwave SpiderLabs, said in an email. "Windows users should understand that Microsoft will never send patches via email, but rather use their internal update utility embedded in every current Windows operating system. Users should always be wary of any unsolicited emails, especially those that present urgency to open attachments or click on links." 

For more, check out 4 ways to avoid the next Petya or WannaCry attack

Source link
Read also:
Forbes › 2 months ago
As if there weren't enough problems with the Windows 10 update process, now the Windows Update Assistant itself has a confirmed security vulnerability. Here’s what you need to do.
Business Insider › Lifestyle › 1 month ago
To turn on caps lock on a Chromebook, you'll need to use a specific keyboard shortcut — there is no caps lock button. When you turn on caps lock, you'll see a pop-up confirmation message on your Chromebook's screen. Visit Business Insider's homepage...
Business Insider › Lifestyle › 2 months ago
You can quickly and easily scan a document in Windows 10 using the Windows Scan app. Windows Scan allows you to scan both documents and images, immediately saving them to your computer in an image format. Visit Business Insider's homepage for more...
Business Insider › Lifestyle › 3 weeks ago
You can test a microphone on a Windows 10 computer to ensure it's plugged in correctly and working. To test your microphone, you'll need to open Windows' Sound Settings menu. When you test your microphone, Windows will check your current audio input...
Chicago Tribune › Opinions › 1 month ago
Broken windows policing came to mean stop-and-frisk tactics and high-volume misdemeanor arrests. But you know which version of the broken windows theory really does appear to work? Fixing windows.
Business Insider › Lifestyle › 2 weeks ago
You can easily switch desktops on a Windows 10 computer to organize your activities by opening multiple virtual desktops. When you are on a particular desktop, Windows hides all of your other work. Windows 10 lets you see all of your open desktops or...
Business Insider › Lifestyle › 1 month ago
You may need to search your Windows 10 computer to locate files, folders, or programs. You can search your computer via the Taskbar or Windows File Explorer. Windows 10's search feature is the quickest way to explore your machine. Visit Business...
Business Insider › Lifestyle › 1 day ago
You can create a new user profile in Windows 10 to share your Windows computer with another person, without giving them access to your private documents. You don't need a Microsoft account to add a new user profile to Windows 10. To create a new user...
Forbes › 2 months ago
Microsoft "strongly recommends" that 800 million Windows 10 users should install one critical update before the rest this October. Here's what you need to know.
Business Insider › Lifestyle › 1 week ago
You can check for updates on a Windows 10 PC by going to your "Update & Security" menu. Windows 10 is usually set to update automatically, but you can still check for updates manually, whenever you like. Updates are important, as they help your...
Sign In

Sign in to follow sources and tags you love, and get personalized stories.

Continue with Google