More Malware Spreading Via Skype

skype, microsoft, security, malware, spamEmails that appear to come from Skype administrators come with an attached ZIP file that can infect Windows machines, according to the security firm Sophos.

The bogus email tells users that their Skype password has been changed. It contains a link to reset the password that does, in fact, send users to the Skype website. But a ZIP file attached to the email contains a Trojan horse that opens a backdoor that lets hackers in to Windows machines.

The ZIP file contains a file with a double extension: Skype_Password_inscructions.pdf.exe [sic]. Users who focus on the PDF extension rather than the .exe extension may be more inclined to open the malware, even though PDF files can also contain malware.

As SocialTimes reported, hackers are also sending instant messages over the Microsoft-owned Skype software to spread another backdoor Trojan.

According to Chester Wisniewski, a senior security advisor at Sophos, hackers target Skype largely because the service has such a large user base.

“The vast majority of scams, whether in an email or through instant messaging on the service, are social engineering, not bugs in the Skype software,” Wisniewski said in an email. “That is not to say there is nothing they could do. Many of these attacks use the same messages to users over and over and you would expect them to implement a fraud/spam filter to look for these known attack patterns.”

Microsoft did not immediately respond to a request to comment.

Related Stories
Mediabistro Course

Podcasting

PodcastingLearn to develop, create, and launch your own podcast! Starting October 23, Steve Belaner, the host of the weekly podcast The Gamut, will teach you how to determine the goals of your podcast, perfect your concept, contact and book guests, market your podcast,  and get your show up and running in just a few weeks. Register now!