On Sunday (05/07/2015 – Australian Date Format) my Skype sent out a series of links to people in the format of the title above. I was using the computer at the time but I wasn’t doing anything on Skype.
My first thought was a virus, malware or trojan, so I ran a full scan of the computer and, while some items were detected, it didn’t appear the computer was infected. I then stumbled upon a long thread on the Skype community forums – “Spoofed message from contact” – which shows this problem is more widespread than just me, and that a variety of people, on different operating systems in various parts of the world, all experienced Skype spam around the same time.
Reading between the lines of the Microsoft official community engagement posts scattered throughout that thread, it appears:
- Accounts with weak passwords, or accounts already compromised through another source, were targeted
- It is likely the attackers hit a Microsoft API directly rather than going via a particular client. This explains why there is no pattern in the thread in terms of OS, and why some people claim that Skype was logged out or off at the time.
Best practice at this time appears to be:
- Change both the Skype and Windows passwords. I generated a new 12-character password using LastPass for mine. Unfortunately the Windows one needs to be memorable, as I need to use it to log in to my home PC
- Review the list of Apps that have API access. I didn’t have any in this category
- Virus scan. I used Kaspersky because in a previous job I ran a comparison of a number of different tools and it was consistently one of the better performers, and because it’s one of the few non-US based virus scanning products out there and therefore less likely to be NSA-backdoor’d (although we are likely all owned anyway!)
Another unfortunate reminder about the realities of web security. I’ll keep this post updated if more information comes out as to likely causes of the attack.