ESG malware analysts have observed a marked rise in social engineering attacks that target users of the popular VoIP platform Skype. With worms spreading through Skype instant messaging and spy Trojans disguised as security updates for the platform, 2012 has definitely been a year of social engineering attacks involving Skype. Unfortunately for Skype users, the Troj/Backdr-HN Trojan is one more dangerous malware threat that targets users of this application. This Trojan is delivered through a social engineering scam in the form of spam email messages supposedly sent out by the Skype administrators. If you receive an email that claims to come from Skype and notifies you of changes to your Skype password, ESG security researchers strongly advise caution. These kinds of messages are used to distribute the Troj/Backdr-HN Trojan, a backdoor Trojan that is used to target users of this popular VoIP platform.
The Social Engineering Scam Used to Distribute Troj/Backdr-HN
Computer users have reported receiving poorly spelled email messages suggesting that the victim’s Skype password has been changed. This email message contains an embedded link that actually leads to the real Skype website, rather than to a phishing alternative. So, where is the Troj/Backdr-HN Trojan contained in this malicious email message? It is actually contained in an attached file named Skype_Password_insctructions.zip (the spelling mistake is in the original file name). Unzipping this file will cause its contents to be executed automatically. This ZIP archive contains a fake PDF file which is actually an executable file for the Troj/Backdr-HN Trojan. Once opened, this malicious code opens a backdoor on the infected computer. By using this backdoor, criminals can gain access to your computer without your authorization.
Genuine companies will at no time contact you via email about changes to your password, and they will never send you unsolicited email attachments (especially in compressed formats such as ZIP). A fundamental security rule is never to open unsolicited file attachments, since these are the most common way in which criminals distribute malware. The Troj/Backdr-HN Trojan also uses a common trick in which criminals give their file two extensions. In this case, the malicious file has the extension .pdf.exe, with the EXE portion hidden. This means that the victim will think that they are opening a PDF file, while they are actually running a malicious executable file that launches the Troj/Backdr-HN Trojan on the infected computer.
How Can You Detect Troj/Backdr-HN?