Over the last few weeks, there’s been a spam campaign taking place on Skype which involves the following steps:
- Scammers use an automated technique to break old or weak Skype passwords (Skype users in the forum thread have contested this claim).
- They then use these accounts to send spam messages to contacts.
- The spam frequently hides the “real” destination by providing (say) a Baidu search engine link instead, with the Skype username of the person who clicks the link embedded in the URL.
- The websites the encoded URLs lead to tend to use redirects – it’s possible they’ve been compromised – before dumping the end-user on a diet spam page.
Here’s an example of the spam currently going around:
“Hi [username] | baidu(dot)com/[URL string] advise”
Spammers will often send messages containing shortened URLs – like Bit.ly – to disguise their bad intentions. Some search engines like Baidu encode their search URLs (go to Baidu.com, search for something and then right click / view link for examples). Spammers take advantage of this, masking the link to the target website with what the victim will see in the chat spam as a legitimate, trusted URL.
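As an added example (not part of the original post), here is a defender-side check for the masking trick described above: it pulls links out of a chat message, and flags any link whose host is a trusted-looking front (Baidu or Bit.ly, as named in the post) while its percent-encoded query string hides a second URL or the recipient's Skype username. The `FRONT_HOSTS` list, the `link?url=` parameter and the sample messages are constructed assumptions, not Baidu's real URL format.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed list of "trusted front" hosts the scam abuses; the post names Baidu
# and Bit.ly. Subdomains (e.g. www.baidu.com) are matched by suffix below.
FRONT_HOSTS = {"baidu.com", "bit.ly"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EMBEDDED_URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def is_front_host(host):
    """True if host is one of the trusted-looking fronts or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in FRONT_HOSTS)


def decoded_query_values(url):
    """Yield query values with percent-encoding removed (handles double encoding)."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl already decoded once; decode again for %253A-style values.
        yield unquote(value)


def embedded_targets(url):
    """Hostnames of URLs hidden inside the query string of `url`."""
    hosts = []
    for value in decoded_query_values(url):
        hosts.extend(m.group(1).lower() for m in EMBEDDED_URL_RE.finditer(value))
    return hosts


def scan_message(text, username=None):
    """Return findings for links that use a trusted front to hide a destination.

    Each finding records the front host, the hidden target hosts, whether the
    recipient's username (if given) is embedded in the query, and the raw URL.
    """
    findings = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if not is_front_host(host):
            continue
        targets = embedded_targets(url)
        mentions_user = bool(username) and any(
            username.lower() in v.lower() for v in decoded_query_values(url))
        if targets or mentions_user:
            findings.append({"front": host, "hidden": targets,
                             "mentions_user": mentions_user, "url": url})
    return findings
```

A message that only carries a plain Baidu search (no second URL, no username in the query) produces no finding, so the check does not fire on ordinary shared search links.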
Below you can see the initial landing page, the final destination and a screenshot of a Fiddler log:
If your Skype password is in need of a spring clean, now might be the perfect time to do it – feel free to check out the list of hints and tips on the Skype Security page.
Christopher Boyd
I bet they got in through my hotmail account, which was linked. Just a guess because my hotmail has been hacked before. I really don’t think they are hacking the password. I think they must have a more efficient exploit up their sleeves!
The spammer who sent links out from my Skype account used the display name “live”. I think that’s a clue they accessed Skype from a microsoft live account which was linked.
The same just happened here.
1 – I had both a “live” and a “facebook” new contact added; both had a conversation history with me filled with spam links. Blocked both.
2 – Changed Skype and my Live password.
3 – Found no malware or viruses. Bitdefender is always active and I use Malwarebytes for a routine scan.
I agree. I used a unique, random 12-string and use 2-factor auth on my MS account.
Though my Skype was ancient; I don't use it often and forgot to update. My best guess is an exploitable weakness in older Skype versions (at least I hope it's only in older ones).