Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Chrome Privacy Security The Internet

Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites (bleepingcomputer.com) 72

An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.
This discussion has been archived. No new comments can be posted.

Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites

Comments Filter:
  • Who's to blame? (Score:1, Flamebait)

    by mrbester ( 200927 )

    An immediate concern is why a method with a Microsoft specific vendor prefix is implemented and targetable in Chrome in the first place.

    TFA doesn't mention anything about IE/Edge being affected. If it is that would be understandable. They might not have checked, but there is also no reference to any other OS than Windows. Does that mean that msSaveOrOpenBlob is only implemented on the Windows version of Chrome and if so, why?

    • by AvitarX ( 172628 )

      On Apple it causes a hang warning with an option to force close, doing so kills only the tab in question.

  • Use a piece of malware which hides everything from you and you're bound to be another victim.

    • by wbr1 ( 2538558 )
      Chromium is open... what are you blathering about?
      • by HiThere ( 15173 )

        Well, Chrome is not Chromium, but my guess is what he meant was that MSWindows has one application grab the entire screen, the way Gnome3 does. (I think I heard that Gnome3 copied that atrocious idea from MSWindows).

        • by wbr1 ( 2538558 )
          Windows does not allow one app to grab the focus and hold it without malicious trickery. The only thing that could is kernel level processes like UAC prompts. This has been the case for a long time.

          Of course an app can have modal windows within itself for UI reasons - this is perfectly normap

          In this case because chrome (and other apps) cannot legally lock the system UI, they do it by thrashing disk IO (which certainly has a large effect on memory and CPU utilization too), effectively freezing the system

          • by HiThere ( 15173 )

            Actually, saying "it's the best browser" assumes a particular use case. I've tried Chromium, etc., and for my use case Firefox is still the best browser I've encountered, with Konqueror a distant second. This is even after the GUI changes that they've made in the last few years. (OTOH, I'm currently using version 52.6, and it's quite possible that they've made changes that would change my mind.)

            But those are the only two browsers I've encountered that let me set up and nicely display a folder of nested f

  • Wouldn't renice 32 -p $pid fix it for linux/unix?
  • by Anonymous Coward

    The ms prefix is a clue that it is Microsoft-only

    navigator.msSaveOrOpen doesn't exist for either Chrome or Firefox

    Nice try, no cigar.

    • by TFlan91 ( 2615727 ) on Wednesday February 07, 2018 @12:30PM (#56083933)

      I was coming here to say just this.

      Only in IE do you use navigator.msSaveOrOpenBlob

      In Chrome / FF / Safari, you use FileReader.

      So this sentence:

      "this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome"

      Straight PR move to cast shade on Chrome

  • When a download is initiated by javascript, the browser should pop up a simple dialogue (non modal, but otherwise an "on top" window so they can continue to otherwise use the browser) to confirm the download with a yes/no. Permit only one of these dialogue windows at a time. Other threads wanting to pop up the dialogue can be suspended until the current dialogue is dismissed Threads requesting a download can be handled on a first come first serve.basis.
    • Chrome actually does do this.

      When I use JS to initiate multiple downloads, Chrome detects this, stops it, and asks me to continue.

      This article is really about IE.

      • by Anonymous Coward

        No, it's about Chrome. The example in the article is Chrome. It is entirely possible that the vulnerability comes from Chrome trying to re-interpret an old MS specific HTML instruction, but it is a Chrome issue.

    • When a download is initiated by javascript, the browser should pop up a simple dialogue (non modal, but otherwise an "on top" window so they can continue to otherwise use the browser) to confirm the download with a yes/no. Permit only one of these dialogue windows at a time. Other threads wanting to pop up the dialogue can be suspended until the current dialogue is dismissed Threads requesting a download can be handled on a first come first serve.basis.

      A thousand times: NO!

      Been there, done that, you implement something like that, you end up having to click NO a jagillion times to dismiss all the queued up downloads. Stupid.

      • by mark-t ( 151149 )

        No, you don't.

        As I said, the dialogue is not modal, so there is nothing stopping you from closing the offending page when one of these pops up without necessarily closing the entire browser. Before the dialog even opens, the thread that is opening the dialog can interrogate the client to see if the web page that spawned it is even still active. If it is, then it proceeds, but if not, then it aborts without even showing the dialog at all. Only one of these would ever be shown at one time, so you don't

  • by zifn4b ( 1040588 ) on Wednesday February 07, 2018 @12:58PM (#56084153)
    Only works on Microsoft browsers. I don't see a problem here.
    • by thegarbz ( 1787294 ) on Wednesday February 07, 2018 @02:32PM (#56084859)

      Only works on Microsoft browsers. I don't see a problem here.

      And yet the screenshot shows it running on Chrome. I have no doubt that Microsoft is at fault or that Microsoft browsers are affected, but clearly it seems to work on Chrome just fine.

      • by zifn4b ( 1040588 )
        You're not a developer probably so you don't understand the difference. Try reading this [stackoverflow.com]. Not sure you will get it though but good luck.
        • You're not good at arguing so you probably don't understand the difference. But your post doesn't invalidate the original point which is that the exploit is shown working in Chrome.

  • Hard-code this into web browsers' error messages.
  • After a few seconds of viewing the headlines, a scammy popup ad will dominate the screen and prevent you from clicking on any link on the site.

I was playing poker the other night... with Tarot cards. I got a full house and 4 people died. -- Steven Wright

Working...