Skype users told to change passwords, but will that stop spate of spoofed messages?

SkypeFor some weeks, Skype users have been complaining on online forums that their accounts have been sending out spoof messages without their permission.

Typically, users report that the messages use a Goo.gl URL shortener and are sent to all of their online contacts:

"Hi! goo.gl/[LINK]"

According to reports, some of the links might redirect to Russian domains hosting malicious code designed to infect visiting computers.

So far, and there have been over 20 pages of discussion of the issue on the Skype community pages, Microsoft doesn't appear to have come up with a solution to the problem - and there are no definitive conclusions as to how the messages are being sent.

One possibility is that malware has infected users' computers, and is sending the messages without the permission of the account owners.

However, this theory seems less likely as some users have reported that the unauthorised messages have been sent even though their computers and mobile devices are turned off at the time.

Skype loginPotentially the spoof messages might also have be sent due to a vulnerability in Skype's web-based client that the spammers are exploiting.

Alternatively, it's possible that Skype users have had their account passwords compromised - perhaps via phishing attacks, or because victims are using the same passwords elsewhere on the net.

Frankly, we don't know yet how the fraudsters are sending the messages - but sending them they are... and Skype users aren't happy, judging by posts on the support forum:

I've been having the same issue for the last two weeks or so!
I am now having to explain to people that it's not me sending them!!!
I've changed my password, so I'm hoping that will help, but I've also sent a support request to Skype to resolve the issue (no reply yet).
DO SOMETHING ABOUT THIS QUICKLY SKYPE, STOP IGNORING THE ISSUE!!!!!!!!!

My laptop was completely shut down and packed in my bag when messages went out to all my contacts.

Have also checked API as suggested but nothing suspicious there

I have Skype on my iPhone as well. Have temporarily removed the app for the sake of good order. I suspect it is Skype's servers that were compromised --- would be nice if they could shed some light on the issue....

Very embarrassing to have spam sent to hundreds of business contacts. Makes me consider to switch away from Skype.

For now, Microsoft is suggesting that customers change the passwords for all of their Skype-related accounts.

Skype community manager Claudius is the only official response I have been able to find:

Advice for Skype users

Our engineers are still looking into this.
Meanwhile we'd recommend everyone to change their account passwords for all your Skype related accounts, i.e. also update your Microsoft account password if you linked that to your Skype account. Here's how: https://support.skype.com/en/faq/FA95/how-do-i-change-my-password

Whether following that advice will prevent the spate of spoofed Skype messages remains to be seen...

Hat-tip: The Register

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

5 Responses

  1. Anonymous

    July 20, 2015 at 12:16 pm #

    I've stopped using Skype for the most part and have switched to a (hopefully) more secure messaging system. However, I signed in the other day and found an off-line message from a contact (I believe from the 9th July), it was very highly tailored, something along the lines of:

    Hi Bob! have you seen this: instagram.com/account/myskypeusername

    The 'instagram' link obviously turned into something a little more verbose and a little less trustworthy when 'link location' was copied. However, it does show that they are able to see/access my first name (as I have it set in Skype) and my Skype account ID.

    I didn't visit the link but I was quite impressed, it's certainly been one of the more sophisticated attempts (though I'd assume entirely automated) of phishing/compromise (or whatever then end goal was) that has come my way.

  2. Coyote

    July 23, 2015 at 1:07 am #

    This makes me think of MSN messenger. Hardly surprising that Microsoft has hold of Skype now.

    As for MSN, I remember they would give the suggestion of malware; I actually had it happen to me and I told them flat out (before) that I don't use Windows (not that other systems can't have malware but it was irrelevant here) and what do they give me? A link to a page with a list of Microsoft Windows antivirus software. It is arguably worse than the scripts tech support like to use (even when it is someone like me who tells them what is wrong, what they need to do and how to do it, and that I don't want them to waste my time with their silly scripts). I solved it myself (by using – I think – passport.com address instead of an email address) after sniffing MSN (messenger) traffic, in the end. But I seriously doubt the problem actually disappeared.

    The 'it must be your password' and 'you must have some malware' without much thought beyond, is merely ignoring the problem. It is one thing to suggest they (the users) make sure it isn't that (but this advice is always sound), but they (vendor) should investigate it further (and once enough tell them that their suggestions aren't helpful, they should actually realise it might not be the users at fault).

  3. tank lint

    August 16, 2015 at 9:07 am #

    There is a upcoming encrypted chat called Tox and it is open and not controlled by companies.

    tox.chat
    utox.org

  4. Wardine's Wrock

    May 21, 2016 at 6:46 pm #

    I believe these Skype cases which continue in May 2016 are related to the AOL diet-pill spam in April 2014. Was the method used to access the AOL accounts ever determined?

  5. Anonymous

    June 8, 2016 at 11:49 pm #

    It's still happening to this day!

Leave a Reply