Skype is one of the most widely used VoIP applications for voice calls and chat. For the past few months, it has been under heavy attack by hackers. Be it an XSS bug or a scareware campaign, Skype is becoming an easy target for hackers. In the first case, Mr. Graham Cluley from Sophos highlighted a new attempt by hackers to scare people, which relies on Skype voice calls to alert random members that their computer is unprotected. The voice in the message is generated by a well-known text reader application, and after it recites the message “Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK],” it hangs up. The link redirects users to a website. The website runs a fake scan of your system and, once the whole thing is done, informs you that your machine is unprotected. It's just another scareware campaign, but well planned this time!
In the second classic case, an XSS bug in the iPhone and iPad version of the Skype client, in combination with an incorrect WebKit setting, allows an attacker to directly access files on the device, including the user’s Address Book. The XSS bug itself is an incorrect encoding of the incoming user’s Full Name, which allows JavaScript code to be embedded in it. The problem is made more exploitable by the way Skype uses the embeddable WebKit browser: Skype developers have set the URI scheme for the embedded browser to “file://”. This error allows an attacker to access the file system and read any file that the app would be allowed to read by the iOS application sandbox. One file that every iOS application has access to is the user’s SQLite AddressBook database. You can get a glimpse of the exploitation in action from here.
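The encoding flaw described above, shown as an added example that is not from the original post or from Skype's code: a chat line rendered with the sender's Full Name concatenated raw, next to the HTML-encoded version, plus a restrictive Content-Security-Policy for the embedded view. The function names, the template and the sample name are constructed for illustration.

```javascript
// Added illustration, not Skype's code. Template, names and sample input are constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Flawed pattern: the remote user's Full Name goes into the markup unencoded.
function renderMessageUnsafe(fullName, text) {
  return `<div class="msg"><span class="sender">${fullName}</span>: ${escapeHtml(text)}</div>`;
}

// Corrected pattern: every remote-controlled field is encoded on output.
function renderMessageSafe(fullName, text) {
  return `<div class="msg"><span class="sender">${escapeHtml(fullName)}</span>: ${escapeHtml(text)}</div>`;
}

// Defense in depth: a policy that refuses all script in the chat view,
// so a missed encoding does not become code execution.
function wrapChatView(bodyHtml) {
  return '<!doctype html><html><head>' +
    '<meta http-equiv="Content-Security-Policy" content="default-src \'none\'">' +
    '</head><body>' + bodyHtml + '</body></html>';
}

// Regression check: after removing the template's own tags, no markup may remain.
function containsInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(div|span)( class="(msg|sender)")?>/g, '');
  return /<[a-zA-Z\/!]/.test(stripped);
}

// Constructed sample: a display name carrying markup.
const SAMPLE_NAME = 'Alice <script>document.title="injected"</script>';

console.log('unsafe render injects markup:',
  containsInjectedMarkup(renderMessageUnsafe(SAMPLE_NAME, 'hi')));
console.log('safe render injects markup:',
  containsInjectedMarkup(renderMessageSafe(SAMPLE_NAME, 'hi')));
```

On the native side, the matching fix for the second half of the bug is to load this HTML with a base URL that is not `file://`, so that script in the view has no file-system origin to read from.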
The main point is that users should be vigilant. In most cases, lack of awareness is the main cause behind large planned attacks such as the spread of scareware. So stay safe and secure.

