Firm says it’s not its fault for displaying malicious ads

Apr 3, 2017 08:19 GMT  ·  By

A number of users running Microsoft’s Skype VoIP client on Windows are being served malicious ads trying to push a fake Adobe Flash Player update that eventually leads to a malware infection.

The rogue advertisement was first observed and reported on Reddit, with user j8048188 explaining that when clicking the ad in Skype, it attempts to download a file called FlashPlayer.hta.

Once this HTML application is installed and launched, it attempts to download another package trying to trigger a series of tasks that involves running JavaScript and PowerShell commands to attempt to get past antivirus software and remove the rogue app from the system.

For some reason, however, the command and control center that the malware attempts to connect to is no longer available, so the attack is incomplete, though malware waiting for instructions is deployed and remains on the vulnerable computer unless manually removed.

Update your security software

A Microsoft spokesperson explained that these are just rogue advertisements displayed to users and Skype isn’t actually infected, recommending to run antivirus software that can block such attacks.

“We're aware of a social engineering technique that could be used to direct some customers to a malicious website. We continue to encourage customers to exercise caution when opening unsolicited attachments and links from both known and unknown sources and install and regularly update antivirus software,” the company says.

The original reddit post has at least two other users confirming the ads displayed in their Skype version, and the author of the thread says that blocking ads in the application is the most effective way to remain on the safe side. To do this, open the Restricted Sites in the IE settings screen in Control Panel and add apps.skype.com and g.msn.com to the list.

Of course, Microsoft’s method is also effective and the majority of antivirus solutions should already be capable of detecting and blocking the malware, so make sure you update to the latest virus definitions as soon as possible.