Wednesday, April 30, 2025
HomeMalwareSkype Users Be Aware : Abusing Interstitial Malcrafted Search Pages on Skype

Skype Users Be Aware : Abusing Interstitial Malcrafted Search Pages on Skype

Published on

SIEM as a Service

Follow Us on Google News

If you are a Skype user be aware of Baidu spam links, you may get from anyone of your Skype contacts.Do not click on those links, if you click on it you may end up with fake Articles.

Links look’s like this

http://www.baidu.com/link?url=fab_xYn2VuxIqRnNmhdm7geaj9To0Sxm_lZcR1aWJYC&ID=username

After Google, Baidu is one of the most popular search Engine for websites, also it offers many other web services and it shouldn’t be involved in span campaigns.

- Advertisement - Google News

How this Spam links work

These are done by the malicious people to abuse Baidu search results. Baidu don’t use to link site’s directly, instead links to interstitial redirect pages. Which tell’s Baidu links have been clicked in their search engine results pages (SERPs) and may help to increase the page rank.

For example, if you search “Gbhackers on Security” and click the result for gbhackers.com, the actual link will be something like this:

http://www.baidu.com/link?url=4r6MKB14CnHUrVOJp3g5pVsJ4n5k0jwdUitVyE6y3IkHmH0F27yadM1_5uAXFXF5&wd=&eqid=f998e3b5000302d20000000458579d07

This redirect from Baidu changes as well. If you search for “Gbhackers on Security” again, you’ll get a new interstitial link with a different encrypted url parameter that still redirects to gbhackers.com.

Reason for Abusing Interstitial Search Pages on Skype

Why Skype campaign, scammers abuse these interstitial Baidu pages.

  1. To get malicious pages indexed in Baidu search results.
  2. Search Baidu to find their malicious links in the SERP.
  3. From the SERP, copy the links to Baidu’s interstitial pages.

To make the links more trusted for Skype users to click on, these malware adds an random fragment identifier using the skype name of the recipient (e.g. #emubahyt= from the link at the top of this post).

List of Domain name’s used in Campaign

Baidu links redirect to sites hosted on the server with IP address 46 .30 .46 .78:

abatapka[.]ru – created on Nov 7, 2016
 3d-universe[.]ru – created on Nov 3, 2016
 abc-sport[.]ru – created on Nov 7, 2016
 gieldoweb[.]info – created on Nov 12, 2016
 tria42[.]ru – created on Nov 18, 2016
 tehnoenerg[.]ru – created on Nov 1, 2016

New Fake Site’s

Sites on the 46 .30 .46 .78 server randomly redirect to one of the following fake “news sites”:

 brainvipwit[.]com/?a=370960&c=brain&s=gipo&42988 – 50.115.122.204 – created on Nov 11, 2016
 brainvlllwit[.]com/?a=370960&c=brain&s=gipo&49374 – 50.115.122.206 – created on Nov 16, 2016
 intellectvvv[.]com/?a=373727&c=brain&s=lefo&91446 – 5.149.248.236 – created on Nov 15, 2016
 witxxsmind[.]com/?a=373727&c=brain&s=lefo&82834 – 104.193.252.140 – created on Nov 15, 2016
 vipiqfmind[.]com/?a=370960&c=brain&s=gipo&94704 – 199.168.187.213 – created on Nov 28, 2016

What if I received this Malicious links in Skype?

  1. Don’t click on it (or on any link where you can’t be sure where the link will send you) – it can be a rather benign spam, but can easily be a malicious page that will install viruses on your computer or smartphone.
  2. Next step is to notify the person that “sent” you the link that their Skype account was hacked and they should change the Skype password, recommend them to set a strong password.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Trellix Launches Phishing Simulator to Help Organizations Detect and Prevent Attacks

Trellix, a leader in cybersecurity solutions, has unveiled its latest innovation, the Trellix Phishing...

AiTM Phishing Kits Bypass MFA by Hijacking Credentials and Session Tokens

Darktrace's Security Operations Center (SOC) in late 2024 and early 2025, cybercriminals have been...

Nitrogen Ransomware Uses Cobalt Strike and Log Wiping in Targeted Attacks on Organizations

Threat actors have leveraged the Nitrogen ransomware campaign to target organizations through deceptive malvertising...

Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams

Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites

The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that...

Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks

A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent...

Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware

The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux...