Windows Troubleshooting Platform linked to malware attack

Microsoft’s Windows Troubleshooting Platform (WTP) was designed to help the millions of Windows users with basic troubleshooting. WTP is an automated system that runs packaged troubleshooting wizards (troubleshooting packs) drawing on a large repository of tools, diagnostics and how-to information. It is meant to be a second line of support for users before they have to resort to calling the Microsoft helpline.

Attackers have now turned the Windows Troubleshooting Platform against its users and are using it to deliver malware. Security firm Proofpoint has discovered that the platform is being used successfully alongside a social engineering campaign to infect computers across the world.

How the malware attack works

The setup is quite clever. Emails are sent to inboxes, seemingly from Microsoft. The attached document displays what looks like a font or text-encoding problem and prompts the user to ‘double click to autodetect the charset’. ‘Charset’ is short for character set, the encoding that tells Windows how to display text, so the request sounds like a routine fix for unreadable text. No genuine document needs you to double click anything to display correctly.

If the user does double click, a troubleshooting pack (a .diagcab file embedded in the document) opens in the real Windows Troubleshooting Platform, so the wizard on screen is not an imitation but the genuine Windows troubleshooter interface. The pack is digitally signed, so Windows does not show the warning it normally displays for unsigned files. Once the user clicks Next, the troubleshooting script inside the pack runs like any other troubleshooter would, downloads the malware onto the computer and executes it.

Because the wizard is a real Windows component rather than a look-alike, the attack is realistic enough to fool even experienced computer users.
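The chain above (document opens a troubleshooting pack, the pack’s script starts something new) leaves a recognisable parent/child trail in process-creation logs. The following is an added example, not code from the original post or from Proofpoint: a small detector run over constructed process-start records. The process names come from how Windows hosts troubleshooting packs (msdt.exe opens a .diagcab, sdiagnhost.exe runs its scripts); the Office-parent list, the user-writable path list, the event field names and the sample events are this example’s own assumptions, and the command-line flag syntax in the samples is illustrative only.

```python
"""Toy detector for a Windows Troubleshooting Platform (.diagcab) abuse chain.

Assumed event shape (hypothetical, not from the post): one record per
process start with pid, ppid, image (file name) and command line, as you
would export from Sysmon Event ID 1 or EDR process telemetry.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Assumption: a troubleshooting pack launched straight out of a document.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Assumption: built-in packs live under the Windows directory, not here.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # file name only, e.g. "msdt.exe"
    cmdline: str


def detect_wtp_abuse(events: Iterable[ProcEvent]) -> List[str]:
    """Return one finding per suspicious link in the WTP process chain."""
    by_pid = {e.pid: e for e in events}
    findings: List[str] = []
    for e in by_pid.values():
        img = e.image.lower()
        parent = by_pid.get(e.ppid)
        pimg = parent.image.lower() if parent else ""
        cmd = e.cmdline.lower()
        if img == "msdt.exe":
            # msdt.exe is the handler that opens a .diagcab pack.
            if pimg in OFFICE_APPS:
                findings.append(f"pid {e.pid}: msdt.exe launched by {parent.image} "
                                "(troubleshooting pack opened from a document)")
            if ".diagcab" in cmd and any(p in cmd for p in USER_WRITABLE):
                findings.append(f"pid {e.pid}: msdt.exe opening a .diagcab from a user-writable path")
        if pimg == "sdiagnhost.exe":
            # sdiagnhost.exe runs the pack's scripts; a built-in troubleshooter
            # has no business starting a fresh executable (heuristic).
            findings.append(f"pid {e.pid}: {e.image} spawned by sdiagnhost.exe "
                            "(diagnostic script launched a new process)")
    return findings


# Constructed sample: the chain described in the post.
MALICIOUS_CHAIN = [
    ProcEvent(100, 1, "WINWORD.EXE", r'"C:\Program Files\Microsoft Office\WINWORD.EXE" font_issue.doc'),
    ProcEvent(200, 100, "msdt.exe", r'msdt.exe -cab "C:\Users\alice\AppData\Local\Temp\autodetect.diagcab"'),
    ProcEvent(300, 200, "sdiagnhost.exe", "sdiagnhost.exe -Embedding"),
    ProcEvent(400, 300, "update.exe", r'"C:\Users\alice\AppData\Local\Temp\update.exe"'),
]

# Constructed sample: a user running a built-in troubleshooter from Explorer.
BENIGN_CHAIN = [
    ProcEvent(10, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(20, 10, "msdt.exe", "msdt.exe -id NetworkDiagnosticsWeb"),
    ProcEvent(30, 20, "sdiagnhost.exe", "sdiagnhost.exe -Embedding"),
]

if __name__ == "__main__":
    for name, chain in (("malicious", MALICIOUS_CHAIN), ("benign", BENIGN_CHAIN)):
        print(f"{name}: {len(detect_wtp_abuse(chain))} finding(s)")
        for f in detect_wtp_abuse(chain):
            print("  " + f)
```

The benign chain produces nothing because the pack is one Windows ships with, it was opened from Explorer, and its script did not start a new program; the malicious chain trips all three rules. In a real deployment you would feed it parsed Sysmon or EDR events instead of the embedded lists.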

How to avoid the Windows Troubleshooting Platform malware attack

There is one simple way to avoid the vast majority of malware, phishing and virus attacks. Never open an attachment or click on a link contained in an email unless you are completely sure of the sender. This is especially true of random emails and ones that appear out of the blue.

Using a good quality security product on your computer can help keep viruses and malware at bay too. Bear in mind, though, that a signed troubleshooting pack is a legitimate Windows format, so security software may not object to the pack itself; the main way this kind of attack works is by getting you, the user, to take action. In this case, that means double clicking the lure and then clicking Next in what looks like the Windows Troubleshooting Platform. If you don’t click it, you don’t get the malware.

If for any reason you do suspect your computer is infected, use your security software to run a scan and clean it out. If you cannot remove the infection completely, bring your device to Dave’s Computers and we will handle it for you.

Thank you for reading Dave’s Computer Repair Blog, if you ever need computer repair or data recovery assistance give us a call or fill out the contact form on the bottom right of the website.
