I received a message earlier today from a friend on my contact list whom I don't normally have Skype conversations with. Content was (I've modified the URL slightly)
Hi! ht tp://goo.gl/8289Yj
The link resolves to a Russian/.ru site so I immediately knew I had been duped and closed the window before the page loaded.
He checked his Skype account and didn't see any activity and he also checked the MSA his Skype account is associated with (via http://account.live.com > Security > Recent Activity) did see any suspicious activity.
So it appears his account has been spoofed on Skype. How is this even technically possible?
28-07-2015 12:21 - edited 29-07-2015 08:52
We’ve been working on the spam problem some of you have experienced. Whilst there has been no breach of the network, or malware exploit of a vulnerability, our investigations indicate that attackers are using a list of stolen usernames and their associated passwords to try and log into Skype accounts. Although most of their attempts are blocked or fail – many of the usernames they try don’t even exist as Skype usernames – a small percentage are successful.
Unfortunately, login credentials are highly valued by motivated and resourced cyber criminals whose efforts to steal them are not only a challenge for the IT industry and law enforcement, but society as a whole. Our conclusion is that this issue impacts customers who use, or have in the past used, the same username and password combination they use for Skype on other services as well, and at some time in the past have had those credentials stolen – possibly through a phishing attack or some other form of cybercriminal activity.
We started investigating the spam issue when it first appeared and have put in place measures to block the attackers and protect customers. Without giving details that would inadvertently tip off those behind the spam, I can tell you that we have implemented a number of measures to harden the spam detection and login process.
With control of a username and password an attacker won’t need your device to be switched on to send spam. The best defence is to change your Skype password. If you can’t remember your Skype password, this guide will help. If you have linked your Skype account to a Microsoft Account, or some other service like Facebook, make sure you change the password you use uniquely for Skype and allow 24 hours for it to take effect. And of course, make sure you choose a strong password. This information will help you. If you haven’t already, you might also consider adding a valid email address and phone number to your Skype profile so we can better help you recover your account should that ever be needed.
We take the security of our customers’ accounts very seriously and our vigilance is constant. More advice on how to help keep your Skype account secure can be found here.
[Edited on July 29th to highlight information about linked accounts.]
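The login pattern described in the post above (one source trying many stolen username/password pairs, most failing, many usernames not existing, a few succeeding) can be spotted in authentication logs. The following is an added example, not Skype's detection logic and not part of the original thread; the event format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed login events: (source_ip, username, result).
# result is "ok", "bad_password" or "no_such_user" (assumed field values).
ATTACKER = "203.0.113.7"  # documentation-range address, constructed
SAMPLE_EVENTS = (
    [(ATTACKER, f"leaked{i}", "no_such_user") for i in range(5)]
    + [(ATTACKER, "alice", "bad_password"), (ATTACKER, "bob", "bad_password")]
    + [(ATTACKER, "carol", "ok")]  # the small percentage that succeeds
    # One person mistyping a password, then getting in.
    + [("198.51.100.20", "dave", "bad_password"), ("198.51.100.20", "dave", "ok")]
    # Shared office NAT: many users, all of them succeed.
    + [("192.0.2.50", f"staff{i}", "ok") for i in range(6)]
)


def flag_stuffing_sources(events, min_users=5, max_success_ratio=0.2):
    """Flag sources that try many distinct usernames and mostly fail.

    Returns {source_ip: summary}; 'accounts_to_reset' lists the usernames
    the source did log into, which need a password reset and a review of
    messages sent from them.
    """
    per_src = defaultdict(lambda: {"users": set(), "ok": set(), "unknown": set()})
    for src, user, result in events:
        stats = per_src[src]
        stats["users"].add(user)
        if result == "ok":
            stats["ok"].add(user)
        elif result == "no_such_user":
            stats["unknown"].add(user)

    flagged = {}
    for src, stats in per_src.items():
        tried = len(stats["users"])
        if tried < min_users:
            continue  # too few usernames to tell stuffing from a typo
        if len(stats["ok"]) / tried > max_success_ratio:
            continue  # mostly successful: looks like a shared gateway
        flagged[src] = {
            "distinct_users": tried,
            "unknown_users": len(stats["unknown"]),
            "accounts_to_reset": sorted(stats["ok"]),
        }
    return flagged


if __name__ == "__main__":
    print(flag_stuffing_sources(SAMPLE_EVENTS))
```

Counting distinct usernames per source, rather than failures per account, is what separates this from a brute-force check: each account in a stuffing run sees only one or two attempts.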
My friend just got the exact same thing... Antivirus is actually running, but nothing for now... Does someone have an idea about that? Is it a random new virus, a Skype issue...? Is it safe to use that computer as usual after that?
My account sent out the same message OP describes. The message was sent at 2345 UTC on 01-07-2015 to all contacts.
As a precaution, I changed my Skype password on a different machine. I also checked whether anything strange was accessing the API, but this did not appear to be the case.
I viewed the recent activity in the MSA my Skype account is associated with, as per OP. I found several instances where the password was entered incorrectly (the password for my Skype account and MSA are different), traced to my IP address using Internet Explorer (which I do not use). I have since unlinked my MSA.
Please advise. Thank you very much in advance.
I'd like to clarify the question previously posted.
"Is it possible skype themselves have been compromised?"
The likelihood of this is very slim. Their databases are quite secure. I'd rather like to suggest a few more probable causes.
I hope that clears some things up. Good luck to you all, and have a nice day!
I just got hit by this as well and I'm spending the day apologising to everyone who the automated message was sent to. What sucks is this was my work account. Luckily everyone has been understanding, as I don't ever do anything like that.
This morning (2015-07-02 8:39~8:41 CET) my account sent a SPAM message to every one of my contacts.
Message was really short:
Hi! [goog.gl shortened link]
I would like to discover:
Are my devices sending these messages (have they been compromised)? In this case, which one(s)?
Has my password been compromised (already changed anyway), or did they gain access to the account through a different way?
It would be really useful to have a log of connections for these cases (IP, time, etc.)
It would be great if you could help me to fix/avoid this situation.