If Skype users didn’t have enough to worry about this week security-wise (with a worm spreading across the system), there’s now another threat to warn about.
Emails have been spammed out by cybercriminals, posing as messages from Skype, claiming that you have changed your password on the service.
Here’s an example of one such email:
If you look carefully, you may spot that the spammers made a clumsy spelling mistake:
Password successfully changed
Your new Skype password has been set.You can now view your attached call history and inscturtions how to change your account settings.
If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes: Restore password
Talk soon,
The people at Skype
Perhaps surprisingly, the links really do point to the genuine Skype website at skype.com.
However, a file (Skype_Password_insctructions.zip) is attached to the email, and if you make the mistake of unzipping and executing its contents (Skype_Password_inscructions.pdf.exe) you run the risk of infecting your Windows computer.
The malware, which is detected by Sophos products as Troj/Backdr-HN, opens a backdoor onto your computer, giving remote hackers access to your system.
The danger is, of course, that users worried by the recent worm will be frightened that their Skype password has been changed without their consent, and open the attachment – and thus infect their PC.
As always, be on the lookout for unsolicited suspicious emails and always be wary of opening attachments which arrive out of the blue. In this case, the file is using the well-known “double extension trick” to dupe the unwary into believing that they might be clicking on a PDF rather than executable code.
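As an added example (not code from Sophos or the original article), here is a mail-gateway style check for the double extension trick described above, applied both to attachment names and to the names of files inside a zip attachment. The extension lists and function names are assumptions for illustration, and the sample message is constructed with harmless placeholder content.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for illustration; tune them for your environment.
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def is_double_extension(name):
    """True when a document-like extension is followed by an executable one."""
    path = PurePosixPath(name.replace("\\", "/"))
    suffixes = [s.strip().lower() for s in path.suffixes]
    return len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE and suffixes[-2] in DECOY

def suspicious_attachments(raw_message):
    """Return (attachment, member) name pairs that use the double extension trick."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue  # body parts and multipart containers carry no filename
        if is_double_extension(filename):
            hits.append((filename, filename))
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                # Only member names are read; nothing is extracted to disk.
                hits += [(filename, m) for m in archive.namelist() if is_double_extension(m)]
    return hits

def build_sample():
    """Constructed sample: a harmless zip whose member name mimics the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Skype_Password_inscructions.pdf.exe", b"placeholder, not a program")
        archive.writestr("readme.txt", b"benign")
    msg = EmailMessage()
    msg["Subject"] = "Password successfully changed"
    msg.set_content("Your new Skype password has been set.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Skype_Password_insctructions.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in suspicious_attachments(build_sample()):
        print(f"{attachment}: {member}")
```

The check reads names only, so it catches the lure even when the outer attachment has an innocuous single extension such as `.zip`.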
Thanks to SophosLabs researcher Julie Yeates for her assistance with this article.
"Talk soon,
The people at Skype"
My first instinct was to think this was a really unprofessional sign-off, and there was no way a genuine Skype message would end like that. Then I looked it up, and sure enough, they DO use that.
On the other hand, "inscturtions how to change your account settings" is a nice little phrase, with a bizarre little typo and generally bad grammar all rolled into one. However, this particular brand of bad grammar seems like it was probably written by a native English speaker, which is not so common for these sorts of emails.
I'm curious about the email's header info, since the from address given is obviously spoofed.
Wow, they really need to change their ways. That's way too casual and weird for a company. Even 'The Skype Crew' would be more fitting.
I know it's a scam since if you haven't changed your password and they say you have…scam, it's that simple for me to realise it's a scam or not.
Actually, the idea is if someone changed your password, they broke into your account, that's why it normally says "if you didn't change your password, then ignore this email".
One of the characteristics of illiteracy is that illiterate people tend to write exactly the way they talk. Of course, they don't KNOW they're illiterate, and they're less likely to realize it in today's culture, wherein it's considered…er, "inappropriate" to correct people's spelling and grammatical errors.
So, while the Internet culture inflicts such linguistic atrocities upon "thems whut wuz brung up right", I guess there's at least some mitigating virtue in the fact that it makes the malware of illiterate scammers much easier to spot…and apparently many of them are illiterate.