Skip to comments.That 'new Windows 10 update' could be packed with ransomware (and probably IS)
Posted on 11/26/2019 7:35:51 PM PST by dayglored
Users warned not to open email claiming to be from Microsoft concerning a Windows 10 update.
Users have been warned not to download a fake Windows 10 update which is actually packed with malware.
Security researchers from Trustwave's SpiderLabs have uncovered a new malicious campaign that spoofs an urgent update email from Microsoft to infect user's systems with the Cyborg ransomware.
Targeted users first receive an email with either the subject line 'Install Latest Microsoft Windows Update now!' or 'Critical Microsoft Windows Update!' which is already suspicious as Microsoft pushes Windows updates through its operating system and never through emails.
The email itself contains just one line of text which reads: “Please install the latest critical update from Microsoft attached to this email”. While the fake update attachment has “.jpg” file extension, it is actually not a picture but instead is an executable file.
This executable file is a malicious .NET download that the attackers have designed to deliver malware to the infected system.
Upon clicking on the email's attachment, the executable hidden within it downloads a file called 'bitcoingenerator.exe' from a GitHub account with the name misterbtc2020. Just like with the attachment itself, this file is a .NET compiled malware known as the Cyborg ransomware.
Once activated, the ransomware encrypts all of the files on the infected user's system and appends their filenames with its own file extension, 777. A ransom note with the filename 'Cyborg_DECRYPT.txt' is then left on the desktop of the compromised machine. Finally the ransomware leaves a copy of itself called 'bot.exe' hidden at the root of the infected drive.
In an effort to better understand the variants of the Cyborg ransomware, Trustwave researchers searched for the original filename of the ransomware they obtained and searched for it in VirusTotal. There they found three other samples of this ransomware and discovered that a builder for it exists online.
The researchers also found a GitHub account with the name Cyborg-Ransomware that contained a repository with the ransomware builder binaries as well as a second repository with a link to the Russian version of the same builder hosted on another site.
Trustwave's Diana Lopera explained why the Cyborg ransomware poses a serious threat to individuals and businesses in a blog post, saying:
“The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder. It can be spammed using other themes and be attached in different forms to evade email gateways. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware.”
Microsoft DOES NOT SEND UPDATES BY EMAIL!
Yep. Sorry. People who fall for this do not get my sympathy.
Why don’t all email programs have an option to block executable attachments?
Oh, they do have that option, usually by default. And all reputable ISP's with mail servers block them too.
But some slip through, and users click on them.
Hell, nearly half of American voters vote for Democrats. You're surprised they click on malware too?
Yes, an e-mail notice from Microsoft is a dead giveaway, but also the tone is all wrong, almost hysterical. Big companies generally don't put out crap like that. If there is any question, go to the MS website and see if the update is listed. Last, you are extremely unlikely to be the first person targeted, so Google it; others will already be talking about it and putting out dire warnings if it's fake.
If you value your data, BACK IT UP!!!! External USB hard drives are very cheap.
Also, image your OS partition occasionally and especially after major updates. There are numerous programs available — some of them ‘free’ for home use. Images have saved me several times over the years.
Microsoft and Google dont ask if you want an update
Its for your own good!!!
As with "Windows Technical Support Dept." From India.
Thanks for the ping.
“Also, image your OS partition occasionally and especially after major updates. There are numerous programs available some of them free for home use”
Why doesn’t Microsoft supply imaging software with their OS?
Outlook does, but AFAIK Thunderbird does not.
I wonder if this new malicious attachment really does have a jpg extension, or if the filename something like filename.jpg.exe.
Ive never understood that being the default. So stupid. And 25 years after we all knew it was a bad idea, its still the default.
Worse, Apple (Mac) does the same thing. Actually the Mac did it first and Windows just copied it. Stupid and dangerous.
I use a program called Mailwasher to preview email. I can usually tell whether an email is legit. I frequently get emails that are spoofs of my ISP. Occasionally, I get spoofs of other websites, such as Paypal.
My ISP does catch a lot of spam before it even gets to my ISP email inbox, but some slip through.
What kind of retard doesn’t know how to use Windows Update, after 20 years?
What kind of retard votes for Democrats, after decades of evidence of the damage they cause?
Mailwasher looks like a good option for people with ISPs that do not filter spam well. It does not appear to do what I asked about, which is to filter executable file attachments.
what if i get a call from a ‘microsoft technician’ telling me to open the microsoft email? Is it safe then? (J/K)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.