Malware attack strikes, posing as Skype password change notification

If Skype users didn't have enough to worry about this week security-wise (with a worm spreading across the system), there's now another threat to warn about.

Emails have been spammed out by cybercriminals, posing as messages from Skype, claiming that you have changed your password on the service.

Here's an example of one such email:

[Image: malicious Skype email]

If you look carefully, you may spot that the spammers made a clumsy spelling mistake:

Password successfully changed
Your new Skype password has been set.

You can now view your attached call history and inscturtions how to change your account settings.
If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes: Restore password
Talk soon,
The people at Skype

Perhaps surprisingly, the links really do point to the genuine Skype website at

However, a file ( is attached to the email, and if you make the mistake of unzipping and executing its contents (Skype_Password_inscructions.pdf.exe) you run the risk of infecting your Windows computer.

The malware, which is detected by Sophos products as Troj/Backdr-HN, opens a backdoor onto your computer, giving remote hackers access to your system.

The danger is, of course, that users worried by the recent worm will be frightened that their Skype password has been changed without their consent, and open the attachment - and thus infect their PC.

As always, be on the lookout for unsolicited suspicious emails and always be wary of opening attachments which arrive out of the blue. In this case, the file is using the well-known "double extension trick" to dupe the unwary into believing that they might be clicking on a PDF rather than executable code.
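A check for the double-extension trick described above, as an added example that is not part of the original article or any Sophos product: it reads the member names of a ZIP attachment without extracting anything and flags names that end in a document-style extension followed by an executable one. The extension lists and function names are assumptions, and the sample archive is constructed in memory.

```python
import io
import zipfile

# Assumed, illustrative lists (not from the article); tune them for your mail gateway.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def is_double_extension(name: str) -> bool:
    """True if the name ends in <decoy ext><executable ext>, e.g. report.pdf.exe."""
    # Keep only the final path component, whichever separator the archive used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so normalise them away first.
    parts = base.rstrip(". ").lower().split(".")
    if len(parts) < 3:  # need stem + decoy extension + real extension
        return False
    # Strip whitespace padding used to push the real extension out of view.
    decoy, final = "." + parts[-2].strip(), "." + parts[-1].strip()
    return decoy in DECOY_EXTS and final in EXEC_EXTS


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return archive member names that use a deceptive double extension."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Only the central directory is read; no member is extracted or run.
        return [
            info.filename
            for info in zf.infolist()
            if not info.is_dir() and is_double_extension(info.filename)
        ]


def build_sample_zip() -> bytes:
    """Constructed sample attachment; contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Skype_Password_inscructions.pdf.exe", b"placeholder, not an executable")
        zf.writestr("docs/readme.txt", b"benign")
        zf.writestr("setup.exe", b"single extension, not flagged by this check")
        zf.writestr("archive.tar.gz", b"benign double suffix")
    return buf.getvalue()


if __name__ == "__main__":
    for member in suspicious_members(build_sample_zip()):
        print("double extension:", member)
```

A plain `setup.exe` is deliberately not flagged here; blocking executables in attachments outright is a separate, broader policy.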

Thanks to SophosLabs researcher Julie Yeates for her assistance with this article.

Lock image from Shutterstock.


5 Responses to Malware attack strikes, posing as Skype password change notification

  1. Andrew Covarrubias · 1094 days ago

    "Talk soon,
    The people at Skype"

    My first instinct was to think this was a really unprofessional sign-off, and there was no way a genuine Skype message would end like that. Then I looked it up, and sure enough, they DO use that.

    On the other hand, "inscturtions how to change your account settings" is a nice little phrase, with a bizarre little typo and generally bad grammar all rolled into one. However, this particular brand of bad grammar seems like it was probably written by a native English speaker, which is not so common for these sorts of emails.

    I'm curious about the email's header info, since the from address given is obviously spoofed.

    • Jeremy · 1093 days ago

      Wow, they really need to change their ways. That's way too casual and weird for a company. Even 'The Skype Crew' would be more fitting.

  2. Robert Gracie · 1093 days ago

    I know it's a scam since if you haven't changed your password and they say you have...scam, it's that simple for me to realise it's a scam or not

    • Miss_Rarity · 1090 days ago

      Actually, the idea is if someone changed your password, they broke into your account, that's why it normally says "if you didn't change your password, then ignore this email"

  3. Nigel · 1093 days ago

    One of the characteristics of illiteracy is that illiterate people tend to write exactly the way they talk. Of course, they don't KNOW they're illiterate, and they're less likely to realize it in today's culture, wherein it's, "inappropriate" to correct people's spelling and grammatical errors.

    So, while the Internet culture inflicts such linguistic atrocities upon "thems whut wuz brung up right", I guess there's at least some mitigating virtue in the fact that it makes the malware of illiterate scammers much easier to spot...and apparently many of them are illiterate.

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley