A few days ago, over 14 million machines had been upgraded to Windows 10, but millions of other people who used the “Get Windows 10” app are impatiently waiting for Microsoft to notify them that it is their turn to download Windows 10. The app says Microsoft is rolling out the free upgrade in waves: “Watch for your notification so that you can start your upgrade. Your notification to upgrade could come as soon as a few days or weeks.”
That notification has become an exploitation opportunity for bad guys who are sending out fake Windows 10 upgrade emails along with supposedly zipped Windows 10 download attachments that ultimately install ransomware on victims’ PCs.
Some people didn’t wait on a notification and chose to use Microsoft’s media creation tool to download Windows 10, but others hesitated to use that method as they don’t know their Windows product key; if they can’t find it in the registry, then they aren’t inclined to use a previously unknown third-party app to find it.
Other Microsoft users chose to force Windows 10 to install. That process includes a few steps: Delete everything in “C:\Windows\SoftwareDistribution\Download” which requires deleting them with admin rights. Right-click on Start and then select Command Prompt (Admin); type in “wuauclt.exe /updatenow” (without quotes) but do not hit enter.
Instead, open Windows Update (Right-click on Start>Control Panel then navigate to System and Security>Windows Update) and select “Check for updates.” Immediately afterwards, go back to the command prompt window and hit enter. That should force Windows 10 to download.
Some users trying that method get an error code along the way that can’t be resolved by making sure all drivers are current and every last Windows update file has been installed…meaning even the ones that are supposedly optional, as skipping them can cause the Windows 10 upgrade to fail.
If you are growing impatient for Microsoft’s “Get Windows 10” app to let you know it’s your turn to upgrade, then you need to be careful; threat researchers from Cisco warned users not to fall for a new upgrade to Windows 10 scam.
The “Upgrade to Windows 10 for free” email has been spoofed so that it appears to be coming from Microsoft via firstname.lastname@example.org. The header, however, shows that it came from an IP in Thailand. The email is using the same color scheme as the Windows 10 update app and claims, “This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.”
Cisco pointed out a “red flag” of characters that did not parse properly.
Microsoft does send emails to Windows Insiders, as well as those who reserved Windows 10 via the company’s app. But Microsoft is not going to email its newest OS to users.
Victims who are tricked into believing that Microsoft emailed them Windows 10, download the zipped file, extract it and run the executable, then see the CTB-Locker ransomware notice. Users are given 96 hours to submit the ransom payment to unlock their documents, photos, databases and other important files.
Not being backed up is why some people pay a ransom, but when looking for a silver lining in this case, if users are ready to upgrade then they surely backed up the photos, documents, and other files that are important to them. There's no reason to pay.
Is Windows 10 a privacy-invading spy machine?
And that’s not just Solitaire coming with ads unless you pay $1.50 per month for a premium non-ad version; it’s not just Microsoft replacing users’ default web browser with Edge – something that caused Mozilla to send an open letter asking for Microsoft to give users “the choice and control they deserve in Windows 10" (Mozilla then posted a “how to” for making Firefox your default browser). It’s also not just about Windows 10 sharing your Wi-Fi with your social media contacts listed in Outlook, Skype and Facebook…meaning you need to opt-out of Microsoft’s Wi-Fi Sense. It’s all that and more that caused some users to say Windows 10 and its default settings are a privacy nightmare.
For example: @GazTheJourno, the acting chief sub-editor for The Register, tweeted, “Holy crap. Win 10 is the NSA's wet dream of an operating system. Spyware, keyloggers, botnet functions, all built in.” He included a handy-dandy screenshot highlighting those privacy invasions.
If you have a stash of porn, then you probably shouldn’t be storing it in “My Pictures.” One guy told Reddit that he left Windows 10 to install overnight, but in the morning his wife wanted to know why his tablet was featuring a porn slideshow.
So if you still don’t have Windows 10, then don’t fall for the Microsoft-personally-emailed-me-Windows-10 ransomware scam. Once you do get Windows 10, you should immediately change some of the default privacy-invasion settings. Some of those settings can’t be changed, so as the ind.ie blog pointed out, installing Windows 10 is giving a thumbs up for Microsoft to spy on you.
Elsewhere, Clippy appeared on The Tonight Show when Jimmy Fallon mentioned Windows 10 and “wreak havoc.”