Press "Enter" to skip to content

Microsoft Infects Windows Computers With Malvertising

I thought about ignoring this one and letting it slide, but it’s too priceless, too typically Microsoft, not to pass on. It seems that Redmond has been inadvertently infecting Windows computers with ransomware through its MSN website. Not to worry, however. The company is happy to hand you a tool to remove the malware, which is akin to locking the door after the horse is gone, as your files will by then be locked up tighter than a waterproof safe.

The news came yesterday, via ZDNet, that Microsoft has “upgraded its malicious software removal tool to tackle TeslaCrypt, or Tescrypt as it calls it.”

TeslaCrypt, a ransomware trojan, became big news early this year when it was found to be targeting computers with a variety of computer games installed. The malware evidently looks for file extensions associated with 40 or so games and encrypts them. The list of games infected includes such popular titles as Call of Duty, World of Warcraft, Minecraft and World of Tanks. From there, the scenario is all too familiar. To unencrypt, users must pay up — the going price is the equivalent of $500 in Bitcoins — to receive the decrypt key.

While media mainly focused on the gaming aspect of TeslaCrypt, lulling non-gaming Windows users in to a false sense of security, it appears that the trojan also targets financial and tax software.

Ho hum. Life as usual in the Windows world, eh?

Trouble is, Microsoft began to notice a major uptick in detections of TelsaCrypt in late August, with the numbers rising from less than 1,000 detections daily to more than 3,500. This coincided with a report from the security company Malwarebytes, which detailed on August 27 a major ad based malware campaign using major news websites — including MSN.com — as drive-by delivery platforms.

Initially, unencrypting files locked by TelsaCrypt was pretty straightforward. Early versions of the malware stored the encryption key on the victim’s computer in plain text, prompting Cisco to develop and release the Talos TeslaCrypt Decryption Tool that victims could use to set things right. However, in July, Kaspersky reported that TeslaCrypt version 2.0, which now identifies itself to victims as CryptoWall, stores the encryption key in a binary blob stored in the registry, “which means that it is currently impossible to decrypt files affected by TeslaCrypt.”

As a Linux user, the thought of Microsoft infecting Windows computers through its own news site would be a rather amusing episode from the files of the Keystone Cops, if not for the hapless victims who now find important financial and tax records unreachable. As it is, it’s a reminder to all of us, even if we run Linux, BSD or some other “safe” operating system, to back up our files and back them up often.

3 Comments

  1. 2_OK 2_OK October 15, 2015

    It might be true or false!
    However it is just way of MS, that is the way they make things more complicated that is first objection and the second the reson is they will improve their system like that…
    It is conning device in a way!

    Have nice day.

    And yes, I had some problem on my Nokia phone because they have sent me mail of some award… etc…
    as I have been caucious I have traced it to some of redmond servers, howevwer it was originaly operated from some address in Nigeria…

    Go figure,
    Well, they had no server on Linux that is for sure…

  2. Stephen Green Stephen Green October 16, 2015

    No, not Microsoft again.! It must be tough to have become such a large
    company with a target on its back, for everybody..

Comments are closed.

Breaking News: