Microsoft Subnet An independent Microsoft community View more

Microsoft will NOT email you Windows 10, it's ransomware

For people who are impatient for their Windows 10 upgrade, don't fall for an email scam that includes a zipped file that is supposedly Windows 10 sent by Microsoft. It's not the OS, but it will install ransomware on your PC.

Windows 10 email delivers CTB-Locker ransomware
Credit: Cisco

A few days ago, over 14 million machines had been upgraded to Windows 10, but millions of other people who used the “Get Windows 10” app are impatiently waiting for Microsoft to notify them that it is their turn to download Windows 10. The app says Microsoft is rolling out the free upgrade in waves: “Watch for your notification so that you can start your upgrade. Your notification to upgrade could come as soon as a few days or weeks.”

That notification has become an exploitation opportunity for bad guys who are sending out fake Windows 10 upgrade emails along with supposedly zipped Windows 10 download attachments that ultimately install ransomware on victims’ PCs.

See also: How to set up a local account in Windows 10, during or after installation

Notify when Windows 10 is ready

Some people didn’t wait on a notification and chose to use Microsoft’s media creation tool to download Windows 10, but others hesitated to use that method as they don’t know their Windows product key; if they can’t find it in the registry, then they aren’t inclined to use a previously unknown third-party app to find it.

Other Microsoft users chose to force Windows 10 to install. That process includes a few steps: Delete everything in “C:\Windows\SoftwareDistribution\Download” which requires deleting them with admin rights. Right-click on Start and then select Command Prompt (Admin); type in “wuauclt.exe /updatenow” (without quotes) but do not hit enter.

See also: Microsoft's pro-privacy website was hacked by a casino spammer

Force Windows 10 to install

Instead, open Windows Update (Right-click on Start>Control Panel then navigate to System and Security>Windows Update) and select “Check for updates.” Immediately afterwards, go back to the command prompt window and hit enter. That should force Windows 10 to download.

Force Windows 10 to download

Some users trying that method get an error code along the way that can’t be resolved by making sure all drivers are current and every last Windows update file has been installed…meaning even the ones that are supposedly optional, as skipping them can cause the Windows 10 upgrade to fail.

If you are growing impatient for Microsoft’s “Get Windows 10” app to let you know it’s your turn to upgrade, then you need to be careful; threat researchers from Cisco warned users not to fall for a new upgrade to Windows 10 scam.

The “Upgrade to Windows 10 for free” email has been spoofed so that it appears to be coming from Microsoft via update@microsoft.com. The header, however, shows that it came from an IP in Thailand. The email is using the same color scheme as the Windows 10 update app and claims, “This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.”

Windows 10 scam installs ransomware Cisco

Cisco pointed out a “red flag” of characters that did not parse properly.

Red flag characters that don’t parse properly Cisco

Microsoft does send emails to Windows Insiders, as well as those who reserved Windows 10 via the company’s app. But Microsoft is not going to email its newest OS to users.

Victims who are tricked into believing that Microsoft emailed them Windows 10, download the zipped file, extract it and run the executable, then see the CTB-Locker ransomware notice. Users are given 96 hours to submit the ransom payment to unlock their documents, photos, databases and other important files.

Windows 10 CTB-Locker ransomware notice Cisco

Not being backed up is why some people pay a ransom, but when looking for a silver lining in this case, if users are ready to upgrade then they surely backed up the photos, documents, and other files that are important to them. There's no reason to pay.

Is Windows 10 a privacy-invading spy machine?

On the flip-side, some of the folks who did install Windows 10 are unpleasantly stunned by the amount of Microsoft’s spying, and that’s on top of the company’s sketchy new privacy policy. Although Microsoft’s favorite quote to me is “your privacy is important to us,” and despite the company's history of bashing Google repeatedly for scanning emails to deliver targeted ads, Microsoft seems to have gotten “very Googley.”

And that’s not just Solitaire coming with ads unless you pay $1.50 per month for a premium non-ad version; it’s not just Microsoft replacing users’ default web browser with Edge – something that caused Mozilla to send an open letter asking for Microsoft to give users “the choice and control they deserve in Windows 10" (Mozilla then posted a “how to” for making Firefox your default browser). It’s also not just about Windows 10 sharing your Wi-Fi with your social media contacts listed in Outlook, Skype and Facebook…meaning you need to opt-out of Microsoft’s Wi-Fi Sense. It’s all that and more that caused some users to say Windows 10 and its default settings are a privacy nightmare.

For example: @GazTheJourno, the acting chief sub-editor for The Register, tweeted, “Holy crap. Win 10 is the NSA's wet dream of an operating system. Spyware, keyloggers, botnet functions, all built in.” He included a handy-dandy screenshot highlighting those privacy invasions.

Win 10 is the NSA's dream operating system GazTheJourno

If you have a stash of porn, then you probably shouldn’t be storing it in “My Pictures.” One guy told Reddit that he left Windows 10 to install overnight, but in the morning his wife wanted to know why his tablet was featuring a porn slideshow.

Windows 10 on man's tablet shows his wife his porn slideshow FalloutBoS

So if you still don’t have Windows 10, then don’t fall for the Microsoft-personally-emailed-me-Windows-10 ransomware scam. Once you do get Windows 10, you should immediately change some of the default privacy-invasion settings. Some of those settings can’t be changed, so as the ind.ie blog pointed out, installing Windows 10 is giving a thumbs up for Microsoft to spy on you.

Clippy Windows 10 spy ind.ie

Elsewhere, Clippy appeared on The Tonight Show when Jimmy Fallon mentioned Windows 10 and “wreak havoc.”

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: Hidden Cause of Slow Internet and how to fix it
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.