Skype protocol hacked, part 2
Monday, November 14. 2016
On Friday 11th November, I got yet another Baidu-link from one of the same contacts I've already received some from.
As I've been communicating with the persons who are "sending" me these links, they have changed their Skype-password for their old logins since this incident gained publicity. At this point, I'm ready to bet serious money that this is not, as Microsoft officials state, a case of re-using leaked passwords. This is a serious incident with the protocol having a security flaw which is being exploited by somebody who loves pointing a finger at Baidu. As the link-jumping ends at a fake Forbes site with a fake article about a miracle pill allowing you to access 100% of your brain, I don't think the Chinese have anything to do with this case. IMHO this points to Russia, based on the fact that this link rotator is located in a .ru-domain and is located in St. Petersburg, Russia.
This is how the fake Baidu-link redirects your request:
- Initial site sent via Skype: http://www.baidu.com/link
- Link rotator: http://acondi.ru/
- Target sites:
  - http://dietzzfocon.com/ (USA)
  - http://exsuperbrain.com/ (UK)
  - http://weightuulossu.com/ (Netherlands)
  - http://zbiginbrain.com/ (Netherlands)
  - http://infocoolvip.com/ (Netherlands)
  - http://habzbrain.com/ (USA)
  - http://dietzzfocon.com/ (USA)
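The chain above can be spotted in web-proxy logs by rebuilding each client's redirect hops and flagging chains that land on a different site than the one shown in the link. This is an added example, not code from the original post; the log layout, client addresses, the `/s` path and the use of HTTP 302 are assumptions, since the post does not say how each hop redirects.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, requested URL, status, Location header).
# Hosts come from the list above; everything else is made up for illustration.
SAMPLE_LOG = [
    ("10.0.0.5", "http://www.baidu.com/link", 302, "http://acondi.ru/"),
    ("10.0.0.5", "http://acondi.ru/", 302, "http://exsuperbrain.com/"),
    ("10.0.0.5", "http://exsuperbrain.com/", 200, None),
    ("10.0.0.9", "http://www.baidu.com/link", 302, "http://www.baidu.com/s"),
    ("10.0.0.9", "http://www.baidu.com/s", 200, None),
    ("10.0.0.7", "http://acondi.ru/", 302, "http://acondi.ru/"),  # self-redirect
]

def site(url):
    """Crude site key: last two host labels (assumption; no public-suffix list)."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    return ".".join(labels[-2:])

def trace(records, client, start, max_hops=10):
    """Follow 3xx Location headers seen for one client, starting at `start`."""
    hops = {url: loc for c, url, status, loc in records
            if c == client and 300 <= status < 400 and loc}
    chain, url = [start], start
    while url in hops and len(chain) <= max_hops:
        url = hops[url]
        if url in chain:          # redirect loop: stop instead of spinning
            break
        chain.append(url)
    return chain

def find_offsite_chains(records):
    """Report clients whose first request ends on a different site than it began."""
    first_seen = {}
    for client, url, _status, _loc in records:
        first_seen.setdefault(client, url)   # records are assumed time-ordered
    findings = []
    for client, start in first_seen.items():
        chain = trace(records, client, start)
        if site(chain[0]) != site(chain[-1]):
            findings.append({"client": client,
                             "shown": site(chain[0]),
                             "via": [site(u) for u in chain[1:-1]],
                             "landed": site(chain[-1])})
    return findings

if __name__ == "__main__":
    for finding in find_offsite_chains(SAMPLE_LOG):
        print(finding)
```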
Microsoft:
Get your heads out of the sand! You have an issue to fix here.
Rito on :
I fixed this by deleting Skype from my Android phone. Maybe it's a vulnerability in the mobile version of Skype.
Jari Turkia on :
The protocol is broken. Bad guys are capable of sending messages on your behalf regardless of whether your Android device has the client installed or not.
rb on :
Jari Turkia on :
jonas on :
Looks like this article is related: http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack
Jari Turkia on :
Austin on :
Jari Turkia on :
https://community.skype.com/t5/Security-Privacy-Trust-and/Link-to-quot-baidu-quot-website-sent-to-all-of-my-contacts/m-p/4526558/highlight/true#M65630
As you can see from my above article, I went through their pretty standard lure-and-bait mechanism, but I didn't find anything that would be serious, dangerous or having a negative impact on your computer or its well-being. It's just a fake website, but it doesn't spread viruses and isn't attempting to find a security flaw in your system.
Of course, any of that is subject to change in a blink. But that's the situation at the time of writing this reply. It's just a scam, nothing more.
BD on :
I too have "sent" these links, even though I rarely use Skype. After I was notified I "sent" these links, I merged my Microsoft and Skype Accounts as well as implemented the 2 step verification process.
Anyway, while the link itself is nothing serious, just a fake website, it is still disheartening that my information was compromised at some point.
What is scary is that Microsoft/Skype are simply saying to change your password to something strong / merge your Microsoft and Skype Accounts.
Per the research I have done looking at the various forums and posts - no one can identify what the actual issue is.
Jari Turkia on :
Regardless, this is not an authentication issue, or if it is, the password has nothing to do with it. They can simply bypass the auth somehow.