Over the last few weeks, there’s been a spam campaign taking place on Skype which involves the following steps:
- Scammers use an automated technique to break old / weak Skype passwords (this has been contested by Skype users in that forum thread).
- They then use these accounts to send spam messages to contacts.
- The spam frequently hides the “real” destination by providing (say) a Baidu search engine link instead, with the Skype username of the person who clicked the link included in the URL.
- The websites the encoded URLs lead to tend to use redirects – it’s possible they’ve been compromised – before dumping the end-user on a diet spam page.
Here’s an example of the spam currently going around:
“Hi [username] | baidu(dot)com/[URL string] advise”
Spammers will often send messages containing shortened URLs – like Bit.ly – to disguise their bad intentions. Some search engines, like Baidu, encode their search URLs (go to Baidu.com, search for something and then right click / view link for examples). Spammers take advantage of this, masking the link to the target website behind what the victim will see in the chat spam as a legitimate, trusted URL.
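For anyone triaging chat logs for this campaign, the two traits described above (a link on a host used for masking, and the recipient's username inside the URL) can be checked mechanically. The following is an added example, not code from the original post; the function names, the host list and the sample message (including its placeholder path) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts the article names as being used to mask the real destination.
MASKING_HOSTS = {"baidu.com", "bit.ly"}

# Matches plain and defanged links such as "baidu(dot)com/abc" or "https://bit.ly/x".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+(?:\.|\(dot\)|\[\.\]))+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample in the format quoted in the article; the path is a placeholder.
SAMPLE = "Hi alice_1987 | baidu(dot)com/PLACEHOLDER-alice_1987 advise"


def refang(link):
    """Undo common defanging and make sure there is a scheme for urlsplit."""
    link = link.replace("(dot)", ".").replace("[.]", ".")
    return link if re.match(r"https?://", link, re.I) else "http://" + link


def triage(message, recipient):
    """Return (url, reasons) for each suspicious link in one chat message."""
    findings = []
    for raw in URL_RE.findall(message):
        url = refang(raw)
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        # Match the listed host or any subdomain of it (e.g. www.baidu.com),
        # but not look-alikes such as notbaidu.com.
        if any(host == h or host.endswith("." + h) for h in MASKING_HOSTS):
            reasons.append("masking-host")
        # Heuristic: the campaign puts the recipient's Skype username in the URL.
        rest = (parts.path + "?" + parts.query).lower()
        if recipient and recipient.lower() in rest:
            reasons.append("recipient-in-url")
        if reasons:
            findings.append((url, reasons))
    return findings


if __name__ == "__main__":
    for url, reasons in triage(SAMPLE, "alice_1987"):
        print(url, reasons)
```

A hit on either trait is only a reason to look closer: the final destination still has to be confirmed by following the redirect chain in an isolated environment.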
Below you can see the initial landing page, the final destination and a screenshot of a Fiddler log:
If your Skype password is in need of a spring clean, now might be the perfect time to do it – feel free to check out the list of hints and tips on the Skype Security page.
Christopher Boyd