Is there any additional measure that administrators can put in place to block attacks of this sort?
The malicious files involved are usually named [filename].pdf.exe. The user downloads and executes these files believing that they are a common PDF file.
It is possible to create a defensive policy for Symantec Endpoint Protection's optional Application and Device Control (ADC) component. This policy will prevent the malicious files downloaded by Skype from being executed and causing harm, even if AntiVirus signatures have not yet been created against this specific variant of threat.
Create/Edit an Application and Device Control policy
Login into the Symantec Endpoint Protection Manager (SEPM) console.
Click Policies, and then click Application and Device Control under View Policies.
Select the Application and Device Control policy which needs to be modified on the right-hand side.
Click Edit the Policy under Tasks.
In the pop-up window, click Application Control.
Click the Add... button.
In section of “Apply this rule in the following process” click on ADD and enter the Skype.exe process. Then Select Ok.
Now Click on Add from bottom
Click on Add Condition and select the File and Folder Access Attempts.
Under the File and Folder Access Attemptsbox click on ADD in the section of “Apply this rule in the following files and folders”
Enter the file extension with wildcard: *.exe
Then press ok
Go to the Action Tab in “File and Folder Access Attempts”.
Select the Permit access in the “Reading attempt”.
Select the Block Access in the “Create, Delete and Writing attempt” and check “enable logging”.
Assign the policy to the desired Client Group.
A pre-built policy file is attached, below. Please note that this file and these steps are provided "as-is" and may not be effective against every new variant or threat.