Skype protocol hacked, part 2
Monday, November 14. 2016
On Friday 11th November, I got yet another Baidu-link from one of the same contacts from whom I've already received some.
As I've been communicating with the persons who are "sending" me these links, they have changed their Skype-password for their old logins since this incident gained publicity. At this point, I'm ready to bet serious money on the fact that this is not what Microsoft officials state, a case of re-using leaked passwords. This is a serious incident with protocol having a security flaw which is being exploited by somebody who loves pointing a finger to Baidu. As the link-jumping ends at a fake Forbes site with a fake article about a miracle pill allowing you to access 100% of your brain, I don't think the Chinese have anything to do with this case. IMHO this points to Russia based on the fact that this link rotator is located in a .ru-domain and is located in St. Petersburg, Russia.
This is how the fake Baidu-link redirects your request:
- Initial site sent via Skype: http://www.baidu.com/link
- Link rotator: http://acondi.ru/
- Target sites:
  - http://dietzzfocon.com/ (USA)
  - http://exsuperbrain.com/ (UK)
  - http://weightuulossu.com/ (Netherlands)
  - http://zbiginbrain.com/ (Netherlands)
  - http://infocoolvip.com/ (Netherlands)
  - http://habzbrain.com/ (USA)
  - http://dietzzfocon.com/ (USA)
Microsoft:
Get your heads out of the sand! You have an issue to fix here.
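For anyone who has proxy or sandbox logs of clicks on these links, the rotator can be picked out mechanically: it is the hop that stays the same while the landing site changes. The following is an added example, not part of the original post; the recorded chains are constructed from the hosts listed above, and the function names are made up for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: one list of URLs per recorded click, in hop order.
# The hosts come from the list in the post; the clicks themselves are made up.
RECORDED_CHAINS = [
    ["http://www.baidu.com/link", "http://acondi.ru/", "http://dietzzfocon.com/"],
    ["http://www.baidu.com/link", "http://acondi.ru/", "http://exsuperbrain.com/"],
    ["http://www.baidu.com/link", "http://acondi.ru/", "http://weightuulossu.com/"],
    ["http://www.baidu.com/link", "http://acondi.ru/", "http://habzbrain.com/"],
]

def host(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()

def next_hops(chains):
    """Map every host seen in the chains to the set of hosts it redirected to."""
    fanout = defaultdict(set)
    for chain in chains:
        hosts = [host(u) for u in chain]
        for here, nxt in zip(hosts, hosts[1:]):
            if here != nxt:  # ignore same-host redirects (e.g. http -> https)
                fanout[here].add(nxt)
    return fanout

def find_rotators(chains, min_targets=2):
    """Hosts that redirect to at least min_targets different next hosts."""
    return {h: sorted(t) for h, t in next_hops(chains).items()
            if len(t) >= min_targets}

def block_candidates(chains, min_targets=2):
    """Rotators plus their landing hosts, minus the entry hosts.

    The entry host is the legitimate site the lure link points at, so
    blocking it outright would be a false positive.
    """
    rotators = find_rotators(chains, min_targets)
    entry_hosts = {host(c[0]) for c in chains if c}
    candidates = set(rotators)
    for targets in rotators.values():
        candidates.update(targets)
    return sorted(candidates - entry_hosts)

if __name__ == "__main__":
    print(find_rotators(RECORDED_CHAINS))
    print(block_candidates(RECORDED_CHAINS))
```

Blocking the rotator host covers target sites that have not been seen yet, since every chain passes through it.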
I fixed this by deleting Skype from my Android phone. Maybe it's a vulnerability in the mobile version of Skype.
The protocol is broken. Bad guys are capable of sending messages on your behalf regardless of whether your Android device has the client installed or not.
Looks like this article is related: http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack
https://community.skype.com/t5/Security-Privacy-Trust-and/Link-to-quot-baidu-quot-website-sent-to-all-of-my-contacts/m-p/4526558/highlight/true#M65630
As you can see from my above article, I went through their pretty standard lure-and-bait mechanism, but I didn't find anything that would be serious, dangerous or having negative impact to your computer or its well-being. It's just a fake website, but it doesn't spread viruses and isn't attempting to find a security flaw in your system.
Of course, any of that is subject to change in a blink. But that's the situation at the time of writing this reply. It's just a scam, nothing more.
I too have "sent" these links, even though I rarely use Skype. After I was notified I "sent" these links, I merged my Microsoft and Skype Accounts as well as implemented the 2 step verification process.
Anyway, while the link itself is nothing serious, just a fake website, it is still disheartening that my information was compromised at some point.
What is scary is that Microsoft/Skype are simply saying to change your password to something strong / merge your Microsoft and Skype Accounts.
Per the research I have done looking at the various forums and posts - no one can identify what the actual issue is.
Regardless, this is not an authentication issue, or if it is, password has nothing to do with it. They can simply bypass the auth somehow.