Malware attack strikes, posing as Skype password change notification

Malware attack strikes, posing as Skype password change notification

Password lock icon. Image from ShutterstockIf Skype users didn’t have enough to worry about this week security-wise (with a worm spreading across the system), there’s now another threat to warn about.

Emails have been spammed out by cybercriminals, posing as messages from Skype, claiming that you have changed your password on the service.

Here’s an example of one such email (click on it for a larger version):

Malicious Skype email. Click for larger version

If you look carefully, you may spot that the spammers made a clumsy spelling mistake:

Password successfully changed
Your new Skype password has been set.

You can now view your attached call history and inscturtions how to change your account settings.
If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes: Restore password
Talk soon,
The people at Skype

Perhaps surprisingly, the links really do point to the genuine Skype website at

However, a file ( is attached to the email, and if you make the mistake of unzipping and executing its contents (Skype_Password_inscructions.pdf.exe) you run the risk of infecting your Windows computer.

The malware, which is detected by Sophos products as Troj/Backdr-HN, opens a backdoor onto your computer, giving remote hackers access to your system.

The danger is, of course, that users worried by the recent worm will be frightened that their Skype password has been changed without their consent, and open the attachment – and thus infect their PC.

As always, be on the lookout for unsolicited suspicious emails and always be wary of opening attachments which arrive out of the blue. In this case, the file is using the well-known “double extension trick” to dupe the unwary into believing that they might be clicking on a PDF rather than executable code.

Thanks to SophosLabs researcher Julie Yeates for her assistance with this article.

Lock image from Shutterstock.