 
Full Disclosure mailing list archives
Re: Skype Phishing Attack
From: Wim Remes <wremes () gmail com>
Date: Fri, 13 May 2016 12:40:32 +0000
I think MSRC was on the money on this one. On Thu, 12 May 2016 at 23:39, Danny Kopping <dannykopping () gmail com> wrote:
First-time poster here. I've been told to submit this issue to FD since Microsoft's Security Team rejected this out of hand because it doesn't meet their arbitrary definition of a vulnerability. "Thank you for contacting the Microsoft Security Response Center (MSRC). Upon investigation we have determined that this is not a valid vulnerability." Below is the original message i sent to secure () microsoft com: *------------------- Original Message -------------------* Hi I've found a way to conduct a phishing attack on unsuspecting users by exploiting the image preview functionality found in modern versions of Skype (only tested on Mac so far). Right at the outset here I'll say that i'm not a security researcher, just a lowly programmer. The exploit is very very simple. Skype announces that it is fetching an image preview when requesting an HTTP(S) link from a server. The User-Agent header is: Mozilla/5.0 (Windows NT 6.1; WOW64) *SkypeUriPreview* Preview/0.5 This can be exploited to respond with different (even if not malicious) content which is disingenuous. My proof of concept can be found here: http://infomaniac.co.za/skype-phish/ In Skype, when the link is pasted, appears like this: [image: Inline image 1] And when clicked, you are shown a Facebook login form: [image: Inline image 2] After filling out the form and submitting it, you then see: [image: Inline image 3] The exploit is very simple and the code can be found here: http://infomaniac.co.za/phish.zip I hope Skype will take steps to improve the safety and security of its regular non-technical users. I believe this particular issue can be mitigated by simply not including a specific User-Agent string in requests. Thank you _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Skype Phishing Attack Danny Kopping (May 12)
- Re: Skype Phishing Attack Reindl Harald (May 13)
- Re: Skype Phishing Attack Sebastian (May 17)
- Re: Skype Phishing Attack Danny Kopping (May 18)
 
 
- Re: Skype Phishing Attack Sebastian (May 17)
- Re: Skype Phishing Attack Wim Remes (May 13)
 
- Re: Skype Phishing Attack Reindl Harald (May 13)


