By using this site you agree to the use of cookies for analytics, personalised content and ads. Read more

Skype ads in rotation have been compromised and contain Malware/Viruses.

This topic has been archived. To keep discussions in the Skype Community relevant we archive topics that haven't seen activity in the past 6 months. Read more about about archiving
Novel Tourist

 

As of yesterday, there are several reports going around the web about people using skype and having their default webbrowser popping up, and automatically redirecting to this malicious webpage:

 

e324rfds.rmicrodefender27.nlXXXXXXXXX/index.php?key=15fd9e2faa63a76d64a16fc02f81f77c

 

I've added the XXXXs so that people will not accidentally click on it.

 

Skype, one or more of your ads in your rotation are infected. The rotating ads only began showing up yesterday, which corresponds with the wave of reports and with Skype being the common denominator. Please take down the ads, at least temporarily, and fix it. And for god's sake, please have some quality control with your ads, unless you want to infect half the world with a trojan.

See more topics labeled with:

Message 1 of 31 (31,193 Views)
30 Replies
Novel Tourist

I've had this pop up twice within the last 24 hours. My friend had this pop up last night too, when we were on totally different sites and different browsers. The only thing we had running at the same time in common (to my knowledge) was Skype. My antivirus picks it up everytime as a rouge scanner. This could really damage some people's systems.

Message 2 of 31 (31,069 Views)
Novel Tourist

Showed up for me and a friend tonight, and last night another friend got it too. Glad to see that I'm not just going crazy.

Message 3 of 31 (31,037 Views)
Casual Tourist

Yep, had Skype open in the background, and after some gaming I found Firefox with this URL open.

Message 4 of 31 (30,953 Views)
Novel Tourist

This just came up. Tried taking me to the same place, but my AV intercepted it.

 

IP: 212.83.155.45

Country: France

Name: ONLINE S.A.S.

 

This NEEDS to be fixed.

Message 5 of 31 (30,859 Views)
Community Ambassador

Don't click on any of these links. e324rfds.rmicrodefender27.nlXXXXXXXXX is a know malware site.

 

Some Danish websites were also recently infected by ads redirecting to this site.

Message 6 of 31 (30,778 Views)
Novel Tourist

Just adding my voice here: I've had this pop up twice now, although the site was blocked from loading each time and anti-malware sweeps afterwards came up clean.

 

And I thought the intermittent audio ads I used to get with Skype were bad.

Message 7 of 31 (30,757 Views)
Casual Tourist

Just got this a short while ago, except the url that loaded was http://wed322d2 windows-defenderpro com/index.php?key=xxxxxxxetc

 

Considering I wasn't at the computer when this happened, I feel like I need to stop using Skype until the ads in question are removed :/

Message 8 of 31 (30,753 Views)
Novel Adventurer

I got this same BS with the windows defender pro thing. I was using Skype and ONLY skype at the time. I am so upset!

 

I've done Malwarebytes scans, antirootkit scans and they come up clean. I closed iexplore.exe in task manager rather than click anything, so hopefully I'm not infected.

 

Ever since the other day when the NEW ads popped up on skype, this seems like a huge security risk!

Message 9 of 31 (30,740 Views)
Novel Adventurer

I was originally going to send this to their email support, but was unable to get through as they are having "problems at the moment":


Wyrenth wrote:

 

I was in a Skype call with my sister, and we both had the following page appear in our web browsers at the same time:

wed322d2.windows-defender2014.nl/index.php?key=f682cfe6025871fc02df5e5ab038f6bb

Note: The link returns a 500 Internal Server Error.

I am trying to narrow down the likely possibilities before looking into other solutions.  Right now, Skype has the strongest correlations because:

1.) Both my sister and I were in a Skype call together when this happened.
2.) Both my sister and I were affected at the exact same time.
3.) Skype now uses intrusive advertisements.

I would like to know if you currently have Softonic as one of your advertising partners.  If you do not, then I need to look into other reasons why their advertisement tried to load on both of our computers at the exact same time.

I would also like to know if Skype allows advertisements to execute script actions, automatically load web links in a browser window, or manually load web links in a browser window.

If, in fact, Skype's advertising network has been compromised, then this is unacceptable.  There is no reason that an aspect of the software that we have no control over should put our computers at risk.  Worse, there are few popular alternatives to transition to should it appear as though Skype's development team is forced to focus more on intrusive and exploitable advertisement measures than secure software.

 

Advertisements should be an IMAGE (NO FLASH) with NO SCRIPT FUNCTIONS OR OTHER FEATURES, and a hyperlink to the promoted item ON MANUAL CLICK ONLY.

 

If you are wandering outside the realm of that, then you are putting peoples computers at risk.  Again, this is unacceptable.

Message 10 of 31 (30,710 Views)
Discussion Stats