Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites (bleepingcomputer.com)

Posted by msmash on Wednesday February 7, 2018 @02:51AM from the security-woes dept.

An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.

3 of 72 comments (clear)

Min score:

Reason:

Sort:

Re:Javascript in the browser *is* the malware by Anonymous Coward · 2018-02-07 04:24 · Score: 3, Insightful

Says someone weeks after Meltdown was demonstrated... running as Javascript in a browser.
Way to go!.
window.navigator.msSaveOrOpenBlob by zifn4b · 2018-02-07 04:58 · Score: 4, Insightful

Only works on Microsoft browsers. I don't see a problem here.

--
We'll make great pets
Re:this is why run adblock in the past flashloaded by taustin · 2018-02-07 07:03 · Score: 1, Insightful

I disagree. Some people make far more sense when they're incoherent.