Skype users plagued by ongoing bogus messages
- Published
Skype users remain in the dark over a security issue that has resulted in their accounts sending out spam unnoticed, with Microsoft seemingly unable to rectify the problem.
One user, uint128, first reported the issue three weeks ago in a Skype community forum, saying they had a received a message from a friend on their contact list that included a hyperlink to a Russian pornographic website.
The friend of uint128 could not see any activity on his Skype account, nor was there any suspicious activity visible in his linked Microsoft account.
Several other users have since reported similar messages being sent to their entire contacts directories - with similar goog.gl shortened links - over the last few weeks.
The spam messages appear to be sent from Windows and Apple computers, as well as iPhones and iPads with the Skype client installed.
Microsoft two weeks ago acknowledged the user reports and advised Skype users to change their passwords.
It said those who have linked Skype accounts to their Microsoft accounts - something the software suggests to do - should also change their password on the latter account.
Spam still flooding in
But users continue to report messages appearing, with the problem also affecting those that have not logged into Skype for months on end.
Several people also said they had not linked their Skype accounts to their Microsoft accounts, yet their contacts were still being sent the bogus spam messages.
A community manager in the Microsoft forum suggested the issue might be a virus that was going undetected by security software.
The community manager said the malware could be using the Skype Desktop Application Programming Interface (API) to send out the spam messages, and advised users to check "Manage other programs' access to Skype" section under the Tools -> Advanced menu and remove any unknown entries.
But the suggestion appears not to be a valid fix, with many users reporting no third-party programs listed as using the Skype Desktop API.
The community manager posted a later message after Microsoft investigated the issue, blaming users' password management.
"Our investigation indicates that cybercriminals are using an automated technique to exploit weak or re-used passwords. We have taken steps to address the issue and will continue doing so while we monitor the situation," the community manager wrote.
Although the spam messages are not easily visible in the Skype desktop client, one forum user said using the web-based app and starting a new chat with any contact displayed the unwanted missives.
As of writing, users are continuing to report that their Skype accounts are sending out spam to their contacts.