Skype bug in the wild

PirateNinjaPirateNinja Icrontian
edited August 2015 in Internet & Media

tldr
There is a nasty skype bug out there, make sure you don't have the user "live" in your contact list. Block if you do. Change your password. Nobody knows what is happening. Panic. I'm embarrassed for sending spoof links.

Long blablabla
Some of you received a bs skype link message from me last night. @midga sent me a message telling me I had a virus that I saw at 4am today. I panicked, uninstalled mobile Skype, reset both my Microsoft pass and Skype pass, and installed avast and malware bytes (neither of which found anything). So, I started to obsess a bit. If this was a hack on my account, which admittedly I hadn't changed the password on in 3ish years, then there should have been notice in my account activity. I checked my account activity and there was nothing suspicious. So down the rabbit hole I went this morning and I found a strange user in my Skype contact list named "live" that had sent me a huge message last night. My skype autoresponded through some magic mystery to its formatted message which looked like this:

id:username:spammessage
id:username:spammessage
id:username:spammessage

for most of my contacts. So having no bad account activity, no viruses (I don't download garbage), and no reason to believe something was wrong on my end I am leaning towards the crazy notion that Skype has some bug with this live user. I do some searching and...
http://community.skype.com/t5/Security-Privacy-Trust-and/Spoofed-message-from-contact/m-p/4079252/highlight/true#M49650

There is a massive thread on Skype's forums right now with about half the posters capable enough to identify this "live" user as the trigger and tons of them like me having no reason to believe their individual account was hacked. Many of them seem competent, some are IT professionals, but the overall theme is that there seems to be some janky bullshit happening with Skype's APIs/account integration/whatever and nobody knows what is happening or how or why. Skype has subtly claimed there may have been a large password breech, but most people who change their password are changing their Microsoft account password and not their associated Skype password which is pretty difficult to do and I would suspect most people can't figure it out.

A few news articles about the exploit:
http://www.makeuseof.com/tag/change-skype-password-avoid-spam-attack/
http://www.itnews.com.au/News/406800,skype-users-plagued-by-ongoing-bogus-messages.aspx
but I can't find anything recent.

primesuspectGHoosdumBobbyDigiBasilStraight_ManTushonpigflipper
Sign In or Register to comment.