Skip to main content

Malicious Ads Move from Browsers to Skype

Web users and advertisers often disagree about online ads, but malvertising — display ads injected with malicious code that tries to execute when an ad loads in a Web browser — is hard to love. Now it seems that malvertising campaigns are spreading from Web browsers to other Web-using applications, such as Skype.

Credit: RawPixel.com/Shutterstock

(Image credit: RawPixel.com/Shutterstock)

Ads normally show up in a Skype user's home screen, and during audio conversations. Finnish security firm F-Secure found that some of those ads were a part of a recent malvertising campaign.

If a user were to click one of those Skype ads, the user's browser would be taken to malicious website that harbored the notorious Angler browser exploit kit. (The same malicious ads appeared on MSN.com, Wikia.com, the Italian version of eBay and the Daily Mail website.)

MORE: What Is Malware? How It Can Affect Your Computer

Angler is one of several browser exploit kits, constantly changing bundles of malware that attack visiting Web browsers with exploits of multiple security flaws, then install various kinds of malware once they get through. In this case, Angler tried to infect Windows PCs with the Teslacrypt strain of encrypting ransomware, which locks up a user's files until the user pays a ransom of several hundred dollars.

Since Angler is designed to attack Web browsers, not Skype, the chat service's users were safe as long as they didn't click on the malicious ads. To protect yourself from future malvertising that appears on Skype or other non-browser Internet-connected desktop applications, simply never click on those ads.

  • jakjawagon
    This is nothing. I've seen malicious adverts in Minesweeper that were clever enough to open tabs in my browser. Why Microsoft thought Minesweeper needed ads in the first place I don't know. Frankly every change they've made to Minesweeper since Windows XP has been negative.
    This is also not the first time a Microsoft-owned chat client has has a problem with its adverts. In ~2008 there was a string of advertisements in MSN Messenger that used a ridiculous amount of CPU, though I suspect incompetence, rather than malice, was to blame for that incident.
    Reply
  • henrytcasey
    It's a shame that Microsoft feels the need to pinch pennies like this and skim ad revenue from their preloaded applications. They're supposed to be setting the standards, not bowing to the lowest level.

    And as to whether malice or incompetence, which would be more shameful for them? I'm not sure.

    17485362 said:
    This is nothing. I've seen malicious adverts in Minesweeper that were clever enough to open tabs in my browser. Why Microsoft thought Minesweeper needed ads in the first place I don't know. Frankly every change they've made to Minesweeper since Windows XP has been negative.
    This is also not the first time a Microsoft-owned chat client has has a problem with its adverts. In ~2008 there was a string of advertisements in MSN Messenger that used a ridiculous amount of CPU, though I suspect incompetence, rather than malice, was to blame for that incident.

    Reply
  • ScottyBoyK1
    Ads in Minesweeper? are you sure it's not adware from something you downloaded?
    Reply
  • rgd1101
    17499753 said:
    Ads in Minesweeper? are you sure it's not adware from something you downloaded?

    It a ads supported game in windows 10.
    https://www.microsoft.com/en-US/store/apps/Microsoft-Minesweeper/9WZDNCRFHWCN
    Reply
  • ScottyBoyK1
    17499975 said:
    17499753 said:
    Ads in Minesweeper? are you sure it's not adware from something you downloaded?

    It a ads supported game in windows 10.
    https://www.microsoft.com/en-US/store/apps/Microsoft-Minesweeper/9WZDNCRFHWCN

    ohhhh ok, i thought about the normal version.
    Reply