Thursday morning I sat down at the crack of dawn, and the first thing I noticed was a lot of activity in my open Skype window.
That was pretty unusual, because Skype is a one-on-one chat platform, and I’m not used to seeing that many conversations there at once.
In this case though, there were new message notifications from over a dozen people, and it appeared as if I had been carrying on several “conversations” overnight. Something had “taken over” my Skype about 8pm, and sent out various greetings to every one of my connections that was online.
The greetings were pretty typical, and there were seven of them in all -
- are you on?
- are you around
- hey are you there?
- you there?
- guess what?
Then it got really tricky, and for every person that responded, my “infected” computer began carrying on a fake conversation, all in an attempt to get users to visit a certain website.
What you see below is just one example of what happened, and it’s pretty self-explanatory.
That was the longest “conversation” that was carried on, but there are numerous other examples of people that weren’t quite so savvy, and several people did actually click on the link that “I” had sent them.
Obviously, these types of situations are getting harder to spot, and with more and more clever auto-reply sequences, lots of people can be easily fooled.
How could this happen?
That’s the worst part – I still don’t exactly know where it came from. I immediately changed my password at Skype, and then I scanned my PC for malware, and that did identify some stuff to clean, but mostly just bad cookies. I absolutely could not tell exactly what may have triggered this activity.
Tuesday night I was at an OCCA meeting, and a discussion came up about security, and I admitted to the group that I was too lazy to log out of Facebook and Google etc. and quite often I might stay logged in for days at a time. I was immediately chastised for my lax attention to security, so it did cross my mind that it could be someone trying to teach me a lesson, but I’m pretty sure that’s not the case.
A little bit of research and I found a couple of threads at the Skype forums with similar incidents, here and here but nothing definitive. To make matters worse, as one poster pointed out, if you use Skype from multiple devices, there’s really no way of knowing which device might have been the culprit!
If you are seeing this type of activity on your phone, there’s no guarantee that it’s originating from the phone. The vulnerability may possibly only exist on your desktop/laptop computer, then the chat gets synced to your phone. I would suggest scanning your computers and resetting your Skype profile in order to eliminate the virus.
Also, just because a virus out there targets the Skype application does not mean that it can’t be obtained through other web browsing habits. A virus can be obtained anywhere, especially through a web browser/Java vulnerability that your AntiVirus doesn’t catch. In some cases it doesn’t necessarily require you to do anything but browse the Internet and obtain something via a malicious ad. I’ve seen these same types of viruses/hijack downloads/executions specifically target Facebook, Yahoo mail, etc. as well.
I run up to date Antivirus software from Symantec, and I like to think “I’m smart” and would never click on links that might be suspicious, but I generally only run malware scans when I think something’s wrong, or when the computer seems slow. Clearly that’s not enough.
What Should You Do?
I’ve never been one to shy away from sharing my own embarrassing mistakes if I think it will help others, and there are two morals to this story…
- Make sure to log out of your social networks and chat software daily, whether it’s Skype, Facebook, LinkedIn, or whatever. Make sure to do it from all your devices, inconvenience be damned!
- Despite having up to date Antivirus, you really should run a regularly scheduled scan for malware, using one of the top programs out there. I like Malwarebytes, which is 100% free for both scanning AND cleanup “on demand”, so you only have to remember to run it. They also have a paid version that allows you to schedule regular scans, and they have versions available for Android phones too.
I was doing NEITHER of these things, so I consider this whole episode to be my own damn fault…