Skype users exposed to malware through in-app ads


WALLONN7


A fake Flash Player update ad on Skype | via reddit

A number of users are complaining that the popular communication application Skype has been hosting rogue advertisements, which have a large risk of triggering malware.

 

The issue was elevated to reddit last Wednesday, where the original poster complained that a malicious ad appeared while he was on Skype's home screen, and it was pretending to be a Flash update for the computer's browser.

 

As the redditor points out, the ad would prompt the user to download an HTML application named "FlashPlayer.hta," designed to look like a legitimate program. However, once opened, it would download a malicious payload, which could potentially harm a computer in the long run.

 

The poster has successfully deconstructed the code, and has posted it publicly on reddit.

In an investigation by ZDNet, the experts they contacted found the following regarding rogue Skype ads:

 

Quote

The "fake Flash" ad, designed to target Windows machines, pushed a download, which when opened would trigger obfuscated JavaScript. The code starts a new command line, then deletes the application that the user just opened, and runs a PowerShell command, which then downloads a JavaScript Encoded Script (JSE) from a domain that no longer exists, likely one of many disposable domains used to hide an attacker's operations.

 

According to Ali-Reza Anghaie, co-founder of cybersecurity firm Phobos Group, the issue is what is called a "two-stage dropper". "It's effectively the utility component of the malware that then decides what else to do based on the command and control it connects to", he shared.

While the domain used by the attacker no longer exists, Anghaie believes that it very likely serves ransomware.

Other people have complained about malicious ads inside Skype, with the fake Flash update as a common denominator.

 
Responding to the issue, a Microsoft spokesperson said that the issue was a "social-engineering effort," and that they should not be held responsible for the malicious content. The company further explains:
Quote

We're aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software.

 

As stated, it pays to be careful in opening suspicious content off the internet. Many are out there to deceive users, and steal sensitive information, aside from malware's usual work of wreaking havoc in our computers.

 

Source
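The chain described in the ZDNet quote above (an opened .hta, then a command line that deletes it, then PowerShell fetching a .jse script) leaves a recognisable parent/child pattern in process-creation logs. The following is an added example, not part of the original post or the ZDNet report; the event fields, sample events and trait names are constructed for illustration.

```python
import re
from ntpath import basename  # parse Windows paths on any host OS

# Constructed process-creation events (Sysmon Event ID 1 style), not real telemetry.
EVENTS = [
    {"pid": 200, "ppid": 50, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Users\alice\Downloads\FlashPlayer.hta"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c del "C:\Users\alice\Downloads\FlashPlayer.hta"'},
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -Command <fetch http://example.invalid/update.jse>"},
    {"pid": 300, "ppid": 50, "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe /c dir"},
]

SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
TRAITS = {  # hypothetical trait names, matched against the child's command line
    "deletes_hta": re.compile(r"\bdel\b.*\.hta", re.I),
    "remote_url": re.compile(r"https?://", re.I),
    "jse_script": re.compile(r"\.jse\b", re.I),
}

def hta_ancestor(event, by_pid):
    """Walk up the parent chain and return the mshta.exe ancestor, or None."""
    seen = set()  # guards against pid reuse creating a loop
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        seen.add(parent["pid"])
        if basename(parent["image"]).lower() == "mshta.exe":
            return parent
        parent = by_pid.get(parent["ppid"])
    return None

def find_hta_dropper_chains(events):
    """Flag script hosts and shells that descend from an HTML application."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        name = basename(e["image"]).lower()
        root = hta_ancestor(e, by_pid)
        if name in SHELLS and root:
            traits = sorted(t for t, rx in TRAITS.items() if rx.search(e["cmd"]))
            findings.append({"pid": e["pid"], "process": name,
                             "hta_pid": root["pid"], "traits": traits})
    return findings

if __name__ == "__main__":
    for finding in find_hta_dropper_chains(EVENTS):
        print(finding)
```

The standalone `cmd.exe /c dir` event is not flagged because it has no mshta.exe ancestor; the ancestry, not the shell itself, is the signal.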


  Script for PowerShell

 

[powershell] skype-ad-remove.ps1

 
Quote

 

# skype-ad-remove.ps1: zero the advert settings in a Skype profile's config.xml
param(
    [Parameter(Position=0,Mandatory=$true)][string]$skypename
)
$file_path = "$env:APPDATA\skype\$skypename\config.xml"
if (-not (Test-Path $file_path)) {
    Write-Host -ForegroundColor Red -Object "File not found: $file_path"
    Read-Host
    exit 1   # 'break' outside a loop is not a reliable way to stop a script
}
$xml_path = Resolve-Path $file_path
$xml_file = Get-Item $xml_path
$xml = New-Object XML
$xml.PreserveWhitespace = $true
$xml.Load($xml_path)
# Set each advert element to 0, skipping any element this config.xml does not contain
foreach ($name in 'AdvertEastRailsEnabled', 'AdvertPlaceholder') {
    $node = $xml.SelectSingleNode("//$name")
    if ($node) { $node.InnerText = '0' }
}
# Clear the read-only flag if an earlier run set it, save, then set it again
if ($xml_file.IsReadOnly) {
    $xml_file.IsReadOnly = $false
}
$xml.Save($xml_path)
$xml_file.IsReadOnly = $true
Write-Host -ForegroundColor Green -Object "Everything is done! Restart skype and see the magic!"
Read-Host

 

https://codegists.com/snippet/powershell/skype-ad-removeps1_fat763_powershell

Here's another way

How to disable ads in Skype [updated for recent versions]

http://winaero.com/blog/how-to-disable-ads-in-skype-updated-for-recent-versions/

This is how I block ads in 3rd-party apps that use IE, so it works for a lot of things.



 

5 hours ago, steven36 said:

 


http://winaero.com/blog/how-to-disable-ads-in-skype-updated-for-recent-versions/

This is how I block ads in 3rd-party apps that use IE, so it works for a lot of things.

 

Since I haven't used Internet Explorer for a long time now (besides going to Microsoft Update) I set the security options to maximum and I also notice ads being blocked in some applications. Not sure if this applies to Skype, because I don't use it.



32 minutes ago, banned said:

 

 

Since I haven't used Internet Explorer for a long time now (besides going to Microsoft Update) I set the security options to maximum and I also notice ads being blocked in some applications. Not sure if this applies to Skype, because I don't use it.

Here is another way to do it, with hosts-file blocks.

Quote


# On Windows 7, 8, 10 Hosts file is in c:\windows\system32\drivers\etc\hosts
#
# Block Skype ads
127.0.0.1 secure-sin.adnxs.com # On skype 7.*
127.0.0.1 *.adnxs.com # On skype 7.*
127.0.0.1 logi10.xiti.com # On skype 7.*
127.0.0.1 *.everesttech.net # On skype 7.*
127.0.0.1 pixel.everesttech.net # On skype 7.*
127.0.0.1 d.adroll.com # On skype 7.*
127.0.0.1 *.msads.net
127.0.0.1 *.msecn.net
127.0.0.1 *.rad.msn.com
127.0.0.1 a.ads2.msads.net
127.0.0.1 ac3.msn.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 adnexus.net
127.0.0.1 adnxs.com
127.0.0.1 ads1.msn.com
127.0.0.1 ads2.msads.net
127.0.0.1 aka-cdn-ns.adtech.de
#127.0.0.1 apps.skype.com # keep this if you want to see Skype Home.
127.0.0.1 b.ads2.msads.net
127.0.0.1 bs.serving-sys.com
127.0.0.1 cdn.atdmt.com
127.0.0.1 cds26.ams9.msecn.net
127.0.0.1 db3aqu.atdmt.com
127.0.0.1 ec.atdmt.com
127.0.0.1 flex.msn.com
127.0.0.1 g.msn.com
127.0.0.1 live.rads.msn.com
127.0.0.1 msntest.serving-sys.com
127.0.0.1 rad.msn.com
127.0.0.1 sO.2mdn.net
127.0.0.1 secure.flashtalking.com
127.0.0.1 static.2mdn.net
127.0.0.1 static.2mdn.net

 

 

 

But you also need to do this too, to remove the placeholders

Quote

 

Removing the ads does not remove the ad placeholder. This can be removed by going to: %appdata%/skype/YOUR_USER_NAME/config.xml and set all Advert values to 0:


      <AdvertEastRailsEnabled>0</AdvertEastRailsEnabled>
      <AdvertLargeEastRailCutoff>0</AdvertLargeEastRailCutoff>
      <AdvertNorthRailCutoff>0</AdvertNorthRailCutoff>
      <AdvertPlaceholder>0</AdvertPlaceholder>
      <AdvertSmallEastRailCutoff>0</AdvertSmallEastRailCutoff>

 

You can bookmark this info here if you use Skype
https://gist.github.com/joielechong/d0042338fd3132013aec4ee56045e558
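A hosts file matches whole hostnames only, so entries written with `*` never match anything, and subdomains not listed by name still resolve normally. The linter below is an added example, not part of the post or the linked gist; the sample text is a constructed excerpt in the same syntax, and `cdn.adnxs.com` is a made-up name used only to show the gap.

```python
import re

# Constructed excerpt in hosts-file syntax, using the kinds of entries listed above.
SAMPLE_HOSTS = """\
# Block Skype ads
127.0.0.1 secure-sin.adnxs.com # On skype 7.*
127.0.0.1 *.adnxs.com # On skype 7.*
127.0.0.1 *.msads.net
#127.0.0.1 apps.skype.com # keep this if you want to see Skype Home.
127.0.0.1 static.2mdn.net
127.0.0.1 static.2mdn.net
"""

LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$", re.I)

def lint_hosts(text):
    """Return (active, issues): names that will be matched, and entries that will not help."""
    active, issues, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment, split on whitespace
        if not fields:
            continue  # blank, comment-only, or commented-out entry
        if len(fields) < 2:
            issues.append((lineno, "no_hostname", raw.strip()))
            continue
        for host in fields[1:]:  # one address may be followed by several names
            name = host.lower()
            if "*" in name:
                issues.append((lineno, "wildcard_not_supported", host))
            elif not HOSTNAME.match(name):
                issues.append((lineno, "invalid_hostname", host))
            elif name in seen:
                issues.append((lineno, "duplicate", host))
            else:
                seen.add(name)
                active.append(name)
    return active, issues

def blocked_by_hosts(name, active):
    """Hosts lookups are exact-name matches, so this is a plain membership test."""
    return name.lower() in active

if __name__ == "__main__":
    names, problems = lint_hosts(SAMPLE_HOSTS)
    print(names, problems, blocked_by_hosts("cdn.adnxs.com", names))
```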

 

 



7 hours ago, steven36 said:

  Script for PowerShell

 

[powershell] skype-ad-remove.ps1

 

https://codegists.com/snippet/powershell/skype-ad-removeps1_fat763_powershell

Here's another way

How to disable ads in Skype [updated for recent versions]


http://winaero.com/blog/how-to-disable-ads-in-skype-updated-for-recent-versions/

This is how I block ads in 3rd-party apps that use IE, so it works for a lot of things.

 

nah xD

 

my method is easier...

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skype.com\apps]
"https"=dword:00000004

 

and save it as a .reg file :P



Archived

This topic is now archived and is closed to further replies.
