A New Trick discovered to block Visitors and Scare Non-Technical Users into Paying for Unneeded Software and Servicing Fees

The administrators of some technical support scam websites
have discovered a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded programming or overhauling
charges.
The trick depends on utilizing JavaScript code stacked on
these vindictive pages to start thousands of file download tasks that rapidly
take up the client/user’s memory assets, solidifying or (freezing more likely)
Chrome on the con scammer’s webpage.
The trap is intended to drive the already panicked clients
into calling one of the technical support telephone numbers that appear on the
screen. A GIF of one of these noxious locales freezing a Chrome program running
the most recent rendition (64.0.3282.140) is implanted underneath.

As per Jérôme Segura — Malware bytes leading expert in
technical support scam operations and malvertising,—this new trick uses the
JavaScript Blob strategy and the window.navigator.msSaveOrOpenBlob function to
achieve the “download bomb” that stops Chrome.
The expert says the best way to get away from the technical
support site is to close Chrome by means of Windows Task Manager.
At the point when the client restarts Chrome, if Chrome is
designed to reload the previous session, Segura encourages clients to rapidly
close the shady site while the page is loading and before the vindictive code
has an opportunity to execute.
Segura says that he spotted technical support scammers
mishandling this new trick after Google engineers fixed Chrome against a past
system or a previous technique in other terms, that used the history.pushState
API 
to comparably freeze Chrome
programs on shady sites.
This “download
bomb” trap just works in Chrome, Segura said.

Clients arriving on a similar shady URLs yet utilizing
different browsers are served diverse pages.

Likewise on the front of such shady sites pushing noxious
content, clients ought to be aware about the other sites pushing counterfeit
Adobe Flash Updates packages bound with CPU miners, yet in addition of
comparable shady sites putting on a show to provide Mozilla Firefox updates.

Leave a Reply