Impersonation

It appears that someone is attempting to perpetrate a form of the ‘Nigerian’ or ‘Foreign Lottery’ scam using the Skype brand, promising to pay significant prize winnings in a contest.

If you have received an email that appears to be from Skype, please do not respond and/or share any personal and private information as the result of this email.

Here's the version of the message we've seen making the rounds:

It appears some of our users have been subject to phishing emails - if you have received an email that appears to be from Skype, please DO NOT enter your username and password as the result of this email.

Also, as a consequence of this, skype.com's mail servers are currently down (we are subject to a flood of bounced emails from emails that do not exist as a result of the phishing emails) - this means our customer support is not currently contactable.

We are doing our best to resolve this situation as quickly as we can and will post updates here as soon as we have them. Please bear with us during while work on solving this.

UPDATE: We are happy to let you know that our mail servers are back up, customer support is available and the phishing sites associated with this incident are no longer active. As a reminder, we strongly encourage users to be cautious when responding to any email that requests sensitive personal information.

In early November, Zero Day Initiative informed Skype of a vulnerability that allows a remote attacker to execute arbitrary code, provided that the user visits a malicious website.

The flaw exists within the skype4com URI handler component of Skype. An exploitable memory corruption may occur during the parsing of URIs which can result in arbitrary code execution under the user rights of the current Windows account.

The issue was fixed in the public release of Skype 3.6 for Windows. All versions of Skype for Windows updated or installed as of November 15 include the patch.

At Skype, we strive to inform the public of vulnerabilities and malware that may affect Skype software. While this particular vulnerability was fixed, there was an unintentional communication oversight and we failed to bring the case to the public's attention. All we can do now is to apologize.

Meanwhile, we'd like to advise users to always upgrade to the latest version of Skype. This ensures access to the latest features, improvements and fixes, and helps get the most out of your Skype experience.

Looks like virus writers are at it again. Some Skype users have been contacted over chat by people warning against viruses and offering to send the user a file that masquerades as Spyware Doctor, a popular anti-malware program from PC Tools. Needless to say, the file they're attempting to send (SpyWareDoctorSetup.exe) is not the real thing. Instead, it's a piece of malware, affecting Windows users. Do not accept or run this executable file.

Continue reading "Password stealer" »

Yep, I got one too: An officious e-mail that starts off by saying, "We regret to inform you that your online profile was not successfully updated and your Skype account has been temporarily suspended...," blah, blah, blah. Of course, the e-mail is a phish. It didn't originate from Skype.

If you haven't been keeping up with the terminology recently, phishing attacks are attempts to get consumers to reveal account details or personal information about themselves. The attacks use all sorts of methods, including 'spoofed' e-mails and fake websites that often look identical to the real ones. Some attacks go further, by enticing the unwitting user into installing malware such as keystroke loggers onto their computers.

Continue reading "Tuna phish" »

We get all sorts of pranksters/"hackers" on Skype. Some of them less serious, some more so. Here's another variation.

x says: people calling, saying it is a Skype admin test call and please leave your PC on and alone for a few hours
x says: sounds very dodgy and dangerous to me, sounds like hacking
x says: maybe you should publicise on the front page that Skype never initiate test calls
x says: what do they do when people leave the pc alone?, not entirly sure but some sort of hacking software to extract info from the PC

So, to make it clear, Skype never initiates test calls to random people. Unless of course it's previously agreed and you know to expect it. If you get a random user claiming a Skype test call and it hasn't been previously agreed, they're most likely tricking you into ... something. Don't exactly know what that would be, but be careful anyway. If in doubt, hang up. Don't give strangers your passwords and other sensitive data - you know, the usual advice.

The good news is, you can leave a Skype call on for hours, without any harm getting done. No hacks can come to you just through a call or text chat. With file transfer, it is different - malicious files can be transferred just as "good" files. So double-check all the files you receive before opening them. Accepting pictures of celebrities from strangers is a BAD idea.