Over the last few weeks, there's been a spam campaign taking place on Skype which involves the following steps:
- Scammers use an automated technique to crack old or weak Skype passwords (this has been contested by Skype users in that forum thread).
- They then use the compromised accounts to send spam messages to the victims' contacts.
- The spam frequently hides the "real" destination by providing (say) a Baidu search engine link instead, and embeds in that URL the Skype username of the recipient who clicks it.
- The websites the encoded URLs lead to tend to use redirects (it's possible they've been compromised) before dumping the end-user on a diet spam page.
A typical message looks like this:

"Hi [username] | baidu(dot)com/[URL string] advise"

Spammers will often send messages containing shortened URLs, like Bit.ly links, to disguise their bad intentions. Some search engines, Baidu among them, encode their search URLs (go to Baidu.com, search for something, then right-click a result and view the link for examples). Spammers take advantage of this, masking the link to the target website with what the victim will see in the chat spam as a legitimate, trusted URL.
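As an added illustration (not code from the original post), here is a small Python triage check that applies the points above to a chat message: it flags links whose host is a search engine or URL shortener, links whose query string carries another percent-encoded URL, and links that embed the recipient's own username. The redirector domain list and the two sample messages are constructed; the Baidu URL layout used in the sample is an assumption for illustration, not Baidu's real format.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>|]+", re.IGNORECASE)

# Hosts whose links say nothing about the final destination: search-engine
# result links and URL shorteners. Constructed list for illustration only.
REDIRECTOR_HOSTS = {"baidu.com", "bit.ly", "goo.gl", "t.co", "tinyurl.com"}


def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def embedded_urls(url):
    """Full URLs hidden inside the query string, after percent-decoding."""
    found = []
    for values in parse_qs(urlparse(url).query, keep_blank_values=True).values():
        for value in values:
            found.extend(URL_RE.findall(unquote(value)))
    return found


def analyze_message(text, recipient):
    """Return [(url, [reason, ...]), ...] for every link in a chat message.
    recipient is the username that received the message; the campaign above
    appends the victim's Skype name to the link for click tracking."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        reasons = []
        if host_matches(host, REDIRECTOR_HOSTS):
            reasons.append("redirector host")
        if embedded_urls(url):
            reasons.append("encoded outbound URL in query")
        if recipient and recipient.lower() in unquote(url).lower():
            reasons.append("recipient username embedded in link")
        findings.append((url, reasons))
    return findings


# Constructed samples modelled on the campaign's "Hi [username] | link advise" shape.
SPAM = ("Hi alice_w | http://www.baidu.com/link?url="
        "http%3A%2F%2Fdiet.example%2Fgo%3Fu%3Dalice_w advise")
BENIGN = "call at 5? agenda: https://intranet.example/meeting/42"

if __name__ == "__main__":
    for msg in (SPAM, BENIGN):
        for url, reasons in analyze_message(msg, "alice_w"):
            print(("SUSPECT " if reasons else "ok      ") + url, reasons)
```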
Below you can see the initial landing page, the final destination and a screenshot of a Fiddler log:

[Image gallery: initial landing page, final destination, Fiddler log screenshot]
If your Skype password is in need of a spring clean, now might be the perfect time to do it - feel free to check out the list of hints and tips on the Skype Security page.