Tech support scammers are once again exploiting a known issue that throws a massive number of downloads at browsers to freeze them, according to a report on Bleeping Computer.

The exploit affects Google Chrome 67 as well as Firefox, Opera, Brave, Vivaldi, and potentially other web browsers. Sites use JavaScript to create several thousand downloads, which freezes browsers because they are not designed to handle such a large number of downloads. Microsoft Edge and Internet Explorer are not affected by the issue.

The idea behind the scam is quite simple: display a support scam message to the user and make the browser freeze at the same time. Because of the freeze, users can no longer close the tab or the browser, which may lead them to call the fake phone number to get support for the issue.

The method pushes CPU load to the maximum so that it is quite difficult to get any reaction at all from the computer. The notification informs users that their PC has been blocked or that something else happened that requires them to call a support line to resolve the issue.

In one case, users were asked to call Microsoft, but the number is operated by the scammers, not by Microsoft.

Users who are quick enough can close the tab before the downloads are unleashed, because the script fires after the page has loaded fully.

Google fixed the issue in Google Chrome 65 but the issue appears to have resurfaced in the recently released Chrome 67. While it is probably only a matter of time until Google fixes the issue again, it is recommended to play it safe until then.

The February bug report on the Chromium site lists a proof of concept HTML file that interested users can run to test their browser against the vulnerability. It is recommended that you run tests in virtual environments or on spare PCs as you may need to force a restart of the system.

Since the method requires JavaScript, it can be dealt with by blocking JavaScript on all sites except whitelisted ones. This can be achieved with extensions such as NoScript or uMatrix.