Some Skype users have reported seeing malicious ads inside their Skype clients in recent days that lead to a site that tries to download a fake Adobe or Java update.
Users in the Skype community forum on Monday said that they have been seeing a banner ad that, if clicked on, will lead to a dodgy site that attempts to install software that’s disguised as either an Adobe or Java update. This is a common tactic for attackers using malicious ads in a variety of contexts. They often will try to entice users to click on an ad or link by telling them that they need to update a common piece of software, often Adobe Flash, Java or QuickTime.
In this instance, the ads are appearing in users’ Skype clients, informing them that some content requires an Adobe update. The text of the ad has some misspellings and doesn’t really look like a dialog box that Flash would show a user. But for users who may be unfamiliar with genuine update mechanisms, it could be effective. Users in the Skype forum said that following the link in the ad takes victims to a site that tries to install an app on their machines.
“DO NOT CLICK ON THE AD!! It will take you to a site pretending to be Adobe and try to download viruses to your machine,” a member using the name DavidR6 said in a post on the Skype community forum.
A Skype community manager recommended that the user run a Fiddler trace on the traffic from the machine to the site to see what exactly the path was.
“Should you still see this issue you can help us by providing a so called ‘Fiddler trace’. This includes a trace of the web resources accessed when this ad page is opened. This will help us confirm or rule out if a Skype ad is actually causing the behaviour you describe in this topic,” the manager wrote.
Many large Web properties and applications use syndication networks to serve ads to users, but it’s not clear whether Skype employs a syndication network.
A request for comment sent to Skype, which is owned by Microsoft, wasn’t returned.