View unanswered posts | View active topics * FAQ    * Search
* Login 




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 
rafaelmacgyver
 
PostPosted: Sun, Aug 14 2016, 13:03 PM 

User avatar

Player

Joined: 12 Apr 2010
Location: Rio de Janeiro - Brazil

So... I wake up today to see my Skype sent a weird message to my -entire- contact list....

When I went to search for what it could be... the official answer from Skype's people from like the same issue that happened before seems to be:

"This is one of a number of similar virus infections which mutate through the host user's computer to stored contacts - often using the Address Book."

Though my antivirus... anti malware / spyware are all up to date and their scans found nothing at all...

Oh well... way to wake up on a Sunday...

_________________
Wilfire Strongfeet (Tight pants)
Adela Griffonheart (Poke)
Hallvardr Erikson (Sexy Boy)
Emilly MacMillan (Happy)

Image Image

Sprites by Raua!


 
      
Commie
 
PostPosted: Sun, Aug 14 2016, 15:19 PM 

User avatar

Player

Joined: 02 Dec 2015

do you use the same password for skype anywhere else?

is your email on this site? https://haveibeenpwned.com/

what AV do you use?

_________________
ANT ALARM

Count Kaldrjarn Pitt | Archmage Kilmar | Sarguk Morderer

ANT ALARM

MisterLich wrote:
First of all, my brain is one of the best here.


 
      
rafaelmacgyver
 
PostPosted: Sun, Aug 14 2016, 17:14 PM 

User avatar

Player

Joined: 12 Apr 2010
Location: Rio de Janeiro - Brazil

I used Avast.. I also use Spybot.. and ran adw cleaner.. also Junkware Removal Tool and got nothing..

My email is on that site and the two occurrences the site shows kinda coincides with the two times the email service told me someone tried to connect it.. and got blocked...

_________________
Wilfire Strongfeet (Tight pants)
Adela Griffonheart (Poke)
Hallvardr Erikson (Sexy Boy)
Emilly MacMillan (Happy)

Image Image

Sprites by Raua!


 
      
Commie
 
PostPosted: Sun, Aug 14 2016, 18:13 PM 

User avatar

Player

Joined: 02 Dec 2015

Well there you go. Stop using universal passwords. Secure your email.

Also your choice in Antivirus is kind of sub par consider something like eset smart security and removing all thst stuff you have now.

_________________
ANT ALARM

Count Kaldrjarn Pitt | Archmage Kilmar | Sarguk Morderer

ANT ALARM

MisterLich wrote:
First of all, my brain is one of the best here.


 
      
rafaelmacgyver
 
PostPosted: Sun, Aug 14 2016, 18:29 PM 

User avatar

Player

Joined: 12 Apr 2010
Location: Rio de Janeiro - Brazil

I have one password for each thing I have... I have no idea how I can remember it all... >.<

And that antivirus you said seems to only have a 30 day trial and the rest is paid.. I cannot afford it right now...

But well.. thanks for the help!

_________________
Wilfire Strongfeet (Tight pants)
Adela Griffonheart (Poke)
Hallvardr Erikson (Sexy Boy)
Emilly MacMillan (Happy)

Image Image

Sprites by Raua!


 
      
Commie
 
PostPosted: Sun, Aug 14 2016, 19:41 PM 

User avatar

Player

Joined: 02 Dec 2015

Well if your Skype gets hacked you're putting everyone on your friends list at risk.

_________________
ANT ALARM

Count Kaldrjarn Pitt | Archmage Kilmar | Sarguk Morderer

ANT ALARM

MisterLich wrote:
First of all, my brain is one of the best here.


 
      
LibrisMortis_666
 
PostPosted: Sun, Aug 14 2016, 22:01 PM 

User avatar

Player

Joined: 02 Jun 2015
Location: Georgia, United States.

If he can't afford it then it isn't his fault, Commie.

Goodluck rafael.

_________________
This is our DMsImage


Auri: Champion of Bahamut


 
      
Commie
 
PostPosted: Sun, Aug 14 2016, 23:01 PM 

User avatar

Player

Joined: 02 Dec 2015

well with strong passwords and a proper av it won't happen.

obviously if your account is spamming up links to people on their friends list you've got issues.

_________________
ANT ALARM

Count Kaldrjarn Pitt | Archmage Kilmar | Sarguk Morderer

ANT ALARM

MisterLich wrote:
First of all, my brain is one of the best here.


 
      
rafaelmacgyver
 
PostPosted: Mon, Aug 15 2016, 12:32 PM 

User avatar

Player

Joined: 12 Apr 2010
Location: Rio de Janeiro - Brazil

Downloaded the trial version of the antivirus you suggested... ran it and nothing was found...

Did test with other things also in Safe Mode boot whatever the name in English... nothing was found...

Changed the password of Skype -again- to something I've needed a large piece of paper to write down...

That all was yesterday... woke up today... no more messages sent.. lets see how it goes...

_________________
Wilfire Strongfeet (Tight pants)
Adela Griffonheart (Poke)
Hallvardr Erikson (Sexy Boy)
Emilly MacMillan (Happy)

Image Image

Sprites by Raua!


 
      
Silkelock
 
PostPosted: Mon, Aug 15 2016, 12:44 PM 

User avatar

Player

Joined: 17 Jun 2011
Location: Sweden

Just Google this and read on the skype forums :)

Quote:

It could be that the malicious software that sends out the spam (but hasn't been detected by malwarebytes or antivirus yet as it in itself doesn't do anything malicious apart from spamming Skype) is actually using the Skype Desktop API to send out the IM spam.

Check the following:

Check 3rd party app access to Skype Desktop API
Open Skype Options. That's the last item in the "Tools" menu
Open the section "Advanced"
At the bottom of the page there's a "Manage other programs' access to Skype" link. Follow that.
Go through the list "Manage API Access Control" and remove any entris unkown to you.

Check linked Microsoft account activity
If you linked your Microsoft account to your Skype account check the activity on your linked Microsoft account: http://account.live.com > Security > Recent Activity

_________________
Image

Life should be prolonged only when it serves the greater cause of the death of the world.


 
      
Terra_777
 
PostPosted: Mon, Aug 15 2016, 14:08 PM 

User avatar

Administrative Developer

Joined: 31 Jan 2007
Location: Sweden

There are several ways to send a message on someone elses skype. Much computer science-y stuff ahead;

1: They got your password, put it on a list, the list is accessed by a bot that puts out the desired spam to all contacts or something similar. This is the most likely. I recommend getting http://keepass.info/ put a very strong master password that you can remember then just generate all your passwords and store them there.

2: A program is listening to the same port as Skype is, fishing the handshakes for the keys to decrypt/encrypt messages and then simply sends its own packages down the same open line using skypes protocol. The good old msn viruses did this, if you do have one of these they'll be found in your process list or services.

3: Code injection, this is what nwnx does to nwserver. It rewrites machine code instructions so that they do something else or jump (or call) another section of the program or custom code that you've loaded into memory. If someone has decompiled and reverse engineered parts of skype then it'd be trivial to create a program that injects codes into it that forces it send the desired spam. However your anti-virus would most likely detect and some programs has counter measures against this by checksumming their own loaded program.

Code injections can be modifications to the .exe which means it'd be undone if the .exe file was replaced. Code injections that happens on running processes needs another process to do it as an example NWNX.exe is starts and injects code into nwserver.exe. The functions required to inject code also requires elevated permissions.

_________________
Fear is not evil… It tells you what your weakness is. And once you know your weakness, you can become stronger as well as kinder. - Gildarts Clive, Fairy Tail, Hiro Mashima.


 
      
rafaelmacgyver
 
PostPosted: Mon, Aug 15 2016, 18:37 PM 

User avatar

Player

Joined: 12 Apr 2010
Location: Rio de Janeiro - Brazil

I removed just one thing on Manage API Access Control

I really prefer to keep the passwords on my head or on paper

All antivirus I've used did not detected anything and I manually checked -every- process that are active

Got a new .exe when I've reinstalled it.



Well... so far no more new msgs were sent... I will keep changing password daily for a while...

Thanks everyone for the help! Luvs u all! XD

_________________
Wilfire Strongfeet (Tight pants)
Adela Griffonheart (Poke)
Hallvardr Erikson (Sexy Boy)
Emilly MacMillan (Happy)

Image Image

Sprites by Raua!


 
      
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 12 posts ] 


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group