New Skype spam leads to Trojan download

Steer Clear of this Skype Spam

Over the last few weeks, there’s been a spam campaign taking place on Skype which involves the following steps:

  1. Scammers use an automated technique to break old / weak Skype passwords (this has been contested by Skype users in that forum thread).
  2. They then use these accounts to send spam messages to contacts.
  3. The spam frequently hides the “real” destination by providing (say) a Baidu search engine link instead, with the Skype username of the person who clicked the link included in the URL.
  4. The websites the encoded URLs lead to tend to use redirects – it’s possible they’ve been compromised – before dumping the end-user on a diet spam page.

Here’s an example of the spam currently going around:

“Hi [username] | baidu(dot)com/[URL string] advise”

Spammers will often send messages containing shortened URLs – like Bit.ly – to disguise their bad intentions. Some search engines like Baidu encode their search URLs (go to Baidu.com, search for something and then right click / view link for examples). Spammers take advantage of this, masking the link to the target website behind what the victim sees in the chat spam as a legitimate, trusted URL.
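For filtering chat logs, the two traits described above (a link on a masking service, and the recipient's username embedded in the URL) can be checked mechanically. The sketch below is an added example, not code from the original post; the host list, the function names and the sample messages (including the `?u=` parameter) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Services the post names as masks for the real destination; extend as needed.
MASKING_HOSTS = {"baidu.com", "bit.ly"}
# Matches bare or schemed links such as "baidu.com/xyz" or "http://bit.ly/abc".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def refang(text):
    """Undo the "(dot)" defanging used when spam samples are quoted."""
    return re.sub(r"\(dot\)", ".", text, flags=re.I)

def split_url(url):
    """Parse a link, adding a scheme when the chat message omitted it."""
    if not re.match(r"https?://", url, re.I):
        url = "http://" + url
    return urlsplit(url)

def flag_links(message, recipient):
    """Return [(url, [reasons])] for links showing the campaign's traits."""
    findings = []
    for url in URL_RE.findall(refang(message)):
        parts = split_url(url)
        # Naive registered domain: last two labels, no public-suffix handling.
        host = ".".join((parts.hostname or "").split(".")[-2:])
        reasons = []
        # A masking service with a path or query hides where the click ends up.
        if host in MASKING_HOSTS and (parts.path.strip("/") or parts.query):
            reasons.append("masked-destination")
        # Substring match; very short usernames will produce false positives.
        if recipient and recipient.lower() in url.lower():
            reasons.append("recipient-in-url")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample messages: (recipient username, message text).
SAMPLES = [
    ("alice_k", "Hi alice_k | baidu(dot)com/PLACEHOLDER?u=alice_k advise"),
    ("bob", "Hi bob | http://bit.ly/PLACEHOLDER advise"),
    ("carol", "Lunch at noon? Menu is at example.org/menu"),
    ("dave", "Just search for it on baidu.com"),
]

if __name__ == "__main__":
    for recipient, text in SAMPLES:
        print(recipient, flag_links(text, recipient))
```

A hit only says the visible link is not the final destination; deciding whether that destination is hostile still means resolving the redirect chain in an isolated environment.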

Below you can see the initial landing page, the final destination and a screenshot of a Fiddler log:

[Screenshots: initial landing page, final destination, Fiddler log]

If your Skype password is in need of a spring clean, now might be the perfect time to do it – feel free to check out the list of hints and tips on the Skype Security page.

Christopher Boyd