Cybercriminals are leveraging the news about the new worm to induce panic

Oct 12, 2012 08:26 GMT

Remember the cybercriminals that sent out fake voicemail notifications signed “The People at Skype”? They’re back with a similar scheme, this time informing recipients that their passwords have been successfully changed.

Sophos came across some of these emails. The bogus messages are decently designed but, as always, a typo slipped by:

Password successfully changed

Your new Skype password has been set. You can now view your attached call history and inscturtions how to change your account settings.

If the changes described above are accurate, no further action is needed. If anything doesn't look right, follow the link below to make changes: Restore password

Talk soon, The people at Skype

Unlike the “voicemail” campaign, where victims were lured to a malicious website connected to threats such as the BlackHole exploit kit or the infamous ZeuS malware, this time, surprisingly, the links from the email actually point to skype.com.

However, the file that’s attached to these emails is anything but innocent. Skype_Password_insctructions.zip actually hides a piece of malware that’s identified by Sophos solutions as Troj/Backdr-HN.

Once it makes itself cozy on a computer, the threat opens a backdoor, giving cybercriminals unrestricted access to the device.

Graham Cluley, senior technology consultant at Sophos, reveals that the crooks are likely hoping that frightened users will rush to open the attachment, thinking that the recent Skype-spreading worm – the one that serves ransomware and other malware – is somehow involved.

First of all, in case you come across emails signed off with “Talk soon, The People at Skype,” you can be certain that it’s part of a scheme. Also, if you closely read the email you will notice that the spammers spelled “inscturtions” instead of “instructions.”

While this is a minor mistake, it’s unlikely that legitimate Skype notifications would contain such a typo.
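The indicators described above can be turned into a simple mail-filter check. The following is an added example, not code from Sophos or from the original article; it shows why a filter for this campaign has to look at the attachment and wording rather than at link reputation, since the links point to the real skype.com. The subject line, the URL, the attachment bytes and the scoring rule are assumptions made for the illustration.

```python
import re
from email.message import EmailMessage

SIGN_OFF = "the people at skype"                  # sign-off quoted in the article
MISSPELLINGS = ("inscturtions", "insctructions")  # body typo and attachment-name typo

def body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content().lower() if part else ""

def links_all_skype(msg):
    # True when every link in the body is on skype.com, as in this campaign.
    hosts = re.findall(r"https?://([^/\s]+)", body_text(msg))
    return bool(hosts) and all(h == "skype.com" or h.endswith(".skype.com") for h in hosts)

def findings(msg):
    text = body_text(msg)
    names = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    hits = []
    if SIGN_OFF in text:
        hits.append("campaign-signoff")
    if any(w in text or any(w in n for n in names) for w in MISSPELLINGS):
        hits.append("misspelling")
    # A password-change notice has no reason to carry an archive.
    if "password" in str(msg["Subject"] or "").lower() and any(n.endswith(".zip") for n in names):
        hits.append("archive-on-password-notice")
    return hits

def verdict(msg):
    # Link reputation is deliberately ignored: clean links never clear a message.
    hits = findings(msg)
    return "quarantine" if "archive-on-password-notice" in hits or len(hits) >= 2 else "deliver"

def build(subject, body, attachment=None):
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename=attachment)
    return msg

# Constructed messages: subject, URL and the empty-ZIP placeholder bytes are assumptions.
SAMPLE = build("Password successfully changed",
               "Your new Skype password has been set. You can now view your attached "
               "call history and inscturtions how to change your account settings.\n"
               "Restore password: https://www.skype.com/\n\nTalk soon, The people at Skype\n",
               attachment="Skype_Password_insctructions.zip")
BENIGN = build("Password successfully changed",
               "Your password was changed. Manage your account at https://www.skype.com/\n")
```

Calling `verdict(SAMPLE)` quarantines the message even though `links_all_skype(SAMPLE)` is true, while the attachment-free `BENIGN` notice is delivered.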