Skype protocol hacked, part 2

Monday, November 14. 2016

On Friday 11th November, I got yet another Baidu-link from one of the same contacts, I've already received some.

As I've been communicating with the persons who are "sending" me these links, they have changed their Skype-password for their old logins since this incident gained publicity. At this point, I'm ready to bet serious money on the fact, that this is not what Microsoft officals state, a case of re-using leaked passwords. This is a serious incident with protocol having a security flaw which is being exploited by somebody who loves pointing a finger to Baidu. As the link-jumping ends at a fake Forbes site with a fake article about a miracle pill allowing you to access 100% of your brain, I don't think Chinese have anything to do with this case. IMHO this points to Russia based on the fact, that this link rotator is located in a .ru-domain and is located in St. Petersburg, Russia.

This is how the fake Baidu-link redirects your request:

  • Initial site sent via Skype: http://www.baidu.com/link
  • Link rotator: http://acondi.ru/
  • Taget sites:
    • http://dietzzfocon.com/ (USA)
    • http://exsuperbrain.com/ (UK)
    • http://weightuulossu.com/ (Netherlands)
    • http://zbiginbrain.com/ (Netherlands)
    • http://infocoolvip.com/ (Netherlands)
    • http://habzbrain.com/ (USA)
    • http://dietzzfocon.com/ (USA)

Microsoft:
Get your heads out of the sand! You have an issue to fix here.

by Jari Turkia in Security at 08:15 | Comments (10) | Google | Share in LinkedIn

Comments
Display comments as (Linear | Threaded)

I have same issue with my account.
I fix this with deleting skype from my android phone. Maybe it's vulnerability with mobile version of skype
Comment (1)
#1 Rito on 2016-11-14 11:37
Oh! A classic, tuck the problem away and you won't be affected by it? :-)

The protocol is broken. Bad guys are capable of sending messages on your behalf regardless your Android-device has the client installed or not.
Comments (5)
#1.1 Jari Turkia on 2016-11-17 22:01
So I messed up and clicked the link, what do I do now? Is my computer infected?
Comment (1)
#2 rb on 2016-11-14 18:08
No, your computer is not infected. If you click the link, there is nothing serious on the destination site. Just don't purchase anything! :-)
Comments (5)
#2.1 Jari Turkia on 2016-11-17 22:00
I am having this issue as well. Haven't used Skype in years!

Looks like this article is related: http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack
Comment (1)
#3 jonas on 2016-11-15 10:17
Yes, I'm guessing you copied that link from my first part.
Comments (5)
#3.1 Jari Turkia on 2016-11-16 18:40
I have this issue too. My friend send me a Baidu link, then I clicked it. I've already changed my password. Is it kind of virus? what will happen if I click the link?
Comment (1)
#4 Austin on 2016-11-17 03:47
If you ever checked the Skype community discussion from my part 1 (https://blog.hqcodeshop.fi/archives/324-Skype-protocol-hacked.html) with title "Link to "baidu" website sent to all of my contacts", there I'm trying to calm down people who are going ballistic with no reason:
https://community.skype.com/t5/Security-Privacy-Trust-and/Link-to-quot-baidu-quot-website-sent-to-all-of-my-contacts/m-p/4526558/highlight/true#M65630

As you can see from my above article, I went trough their pretty standard lure-and-bait -mechanism, but I didn't find anything that would be serious, dangerous or having negative impact to your computer or its well-being. It's just a fake website, but it doesn't spread viruses or isn't attempting to find a security flaw from your system.

Of course, any of that is subject to change in a blink. But that's the situation at the time of writing this reply. It's just a scam, nothing more.
Comments (5)
#4.1 Jari Turkia on 2016-11-17 13:03
I stumbled across your post while trying to research this issue myself.

I too have "sent" these links, even though I rarely use Skype. After I was notified I "sent" these links, I merged my Microsoft and Skype Accounts as well as implemented the 2 step verification process.

Anyway, While the link itself is nothing serious, just a fake website, it is still disheartening that my information was compromised at some point.

What is scary is that Microsoft/Skype are simply saying to change your password to something strong / merge your Microsoft and Skype Accounts.

Per the research I have done looking at the various forums and posts - no one can identify what the actual issue is.
Comment (1)
#5 BD on 2016-11-17 21:31
I can confirm, that changing password or merging Skype-account with Microsoft-account does not help nor is a solution for this one. There is proof, that an user with merged accounts with seriously long random password has "sent" the Baidu-spam. The obvious flaw in Microsoft's thinking is, that there is no 2-FA for Skype-account. There is 2-FA for Microsoft-account. You can access Skype with either.

Regardless, this is not an authentication issue, or if it is, password has nothing to do with it. They can simply bypass the auth somehow.
Comments (5)
#5.1 Jari Turkia on 2016-11-17 21:58

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
 
Submitted comments will be subject to moderation before being displayed.
 

Calendar

Back April '19 Forward
Mon Tue Wed Thu Fri Sat Sun
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          

Quicksearch

Archives

Categories

RSS feeds of this Blog

Blog Administration

Open login screen

Powered by

Parts of this serendipity template are by Abdussamad Abdurrazzaq and Jari Turkia.