Fri 7th Sep 2018 at 08:51

Skype Adverts Compromised?

So my work computer started randomly launching a phishing site into my default browser yesterday. I performed a full scan and that yielded no results. I eventually pinpointed it to Skype.

  • Quit Skype, website does not get launched.
  • Launch Skype, website gets launched after a few minutes.

I am using version as version 8 does not allow chats to be in multiple windows. I successfully replicated this on one other (clean) machine and also a colleague of mine described a similar issue with their set up. However, 
Firing up Fiddler and leaving it running for an hour (with only Skype running) revealed what was happening. It seems that Skype loads it's adverts via SkypeBrowserHost and uses (in my case), which some times is fine, but will occasionally hit one particular path (/banner?sid=3699872&kid=2755741&wpt=H) that results in launching an address @ (/?utm_medium=d85c315fb29b4c572165220204a9e65ad6a2145f&utm_campaign=SK_UK2) in my default broiwser, which then redirects a few times prior to telling me I have won a prize (i'm not including links to these)

I have now added to my hosts filepointing at and as an extra precaution, I have renamed SkypeBrowserHost.exe (probably over kill)

I have also contacted to inform that one of their adverts is redirecting to a scam/phishing site.

Malwarebytes, Adaware, Seek & Destroy and ESET are all showing my machine(s) to be clean, so I'm pretty confident that I've not been got. So just wondering if anyone else has come across this, and if so, hopefuly my fix can help others.

This site uses cookies, please read my cookie policy.