So my work computer started randomly launching a phishing site into my default browser yesterday. I performed a full scan and that yielded no results. I eventually pinpointed it to Skype.
I am using version 188.8.131.52 as version 8 does not allow chats to be in multiple windows. I successfully replicated this on one other (clean) machine and also a colleague of mine described a similar issue with their set up. However,
Firing up Fiddler and leaving it running for an hour (with only Skype running) revealed what was happening. It seems that Skype loads it's adverts via SkypeBrowserHost and uses (in my case) ad13.adfarm1.adition.com, which some times is fine, but will occasionally hit one particular path (/banner?sid=3699872&kid=2755741&wpt=H) that results in launching an address @ trk.dsllgal.com (/?utm_medium=d85c315fb29b4c572165220204a9e65ad6a2145f&utm_campaign=SK_UK2) in my default broiwser, which then redirects a few times prior to telling me I have won a prize (i'm not including links to these)
I have now added ad13.adfarm1.adition.com to my hosts filepointing at 127.0.0.1 and as an extra precaution, I have renamed SkypeBrowserHost.exe (probably over kill)
I have also contacted adition.com to inform that one of their adverts is redirecting to a scam/phishing site.
Malwarebytes, Adaware, Seek & Destroy and ESET are all showing my machine(s) to be clean, so I'm pretty confident that I've not been got. So just wondering if anyone else has come across this, and if so, hopefuly my fix can help others.