Tech-support scammers have a new trick to send Chrome users into a panic

Status
Not open for further replies.

grommit!

Ars Legatus Legionis
20,781
Subscriptor
By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it's impossible to see what's happening.

Wouldn't enabling the "Ask where to save each file before downloading" option stop this on the first attempted download?
 
Upvote
107 (107 / 0)

Jamjen831

Ars Scholae Palatinae
1,169
Subscriptor++
After a period of inactivity, macOS will show Chrome users a system message reporting that the open browser tab has become unresponsive and give users the option to close it...Manually shutting down the entire browser risks losing any unsaved work contained in any open windows

While not as nice as being prompted by the OS to close out the right process, I wonder if you could do the same in Windows. Open Task Manager, look at all the Chrome instances open, and close the one process eating the resources.
 
Upvote
59 (59 / 0)

nehinks

Ars Tribunus Angusticlavius
7,423
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

Also, second the question as to whether this is Chrome exclusive. I generally run a mix of Firefox and Edge at home.
 
Upvote
18 (20 / -2)

lewax00

Ars Legatus Legionis
17,402
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

Also, second the question as to whether this is Chrome exclusive. I generally run a mix of Firefox and Edge at home.
It does on Linux too, unless you're a developer that gets annoyed with it when you're trying to debug performance issues and manually turn it off...(yes, I fit in that category).
 
Upvote
16 (16 / 0)

Canterrain

Ars Scholae Palatinae
625
I used to work in a Microsoft Store taking care of the crap that happens like this. I still remember the most evil thing these scammers would do.

At some point during the phone call they would set up a syskey password, which prevents Windows from booting and has no 'forgot password'-like feature or any way to be permanently disabled.

The only thing that could be done was to restore to an earlier point, but they started deleting restore points as well.

They'd use this to hold the computer ransom for payment, threatening never to give over the password until some high sum was forked over. Sometimes they even gave the wrong password when money was paid.

So glad this was removed in the Fall Creators Update.
 
Upvote
83 (85 / -2)

Cl9

Seniorius Lurkius
33
By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it's impossible to see what's happening.

Wouldn't enabling the "Ask where to save each file before downloading" option stop this on the first attempted download?

Might just be saving a relatively small temporary file or something. Mega for example, can download the whole file before even showing you a popup.
 
Upvote
16 (18 / -2)

MyManFly

Seniorius Lurkius
34
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

I'm fairly confident I've gotten that on Windows as well (although to be fair it was usually after running out of RAM instead of CPU headroom).
 
Upvote
8 (8 / 0)

lewax00

Ars Legatus Legionis
17,402
And if the alert boxes were modal to the tab and not the entire application window, you could just close the tab and job done.
And that's why, as a web developer, I never, ever use the browser provided dialog boxes...they're a pain in the ass to users. I have no idea why, after all this time, they're still handled so ineptly.

Turns out they are, so go me being out of date.
Well I'll be, you're right...at least in Chrome (too lazy to fire up the rest of my browser suite and test those...). Still not enough to break me of that habit though...
 
Upvote
19 (21 / -2)
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

I'm fairly confident I've gotten that on Windows as well (although to be fair it was usually after running out of RAM instead of CPU headroom).

I know that message occurs on Windows but I'm not sure what the trigger condition is.
 
Upvote
6 (6 / 0)

rosen380

Ars Tribunus Angusticlavius
6,914
I used to work in a Microsoft Store taking care of the crap that happens like this. I still remember the most evil thing these scammers would do.

At some point during the phone call they would set up a syskey password, which prevents Windows from booting and has no 'forgot password'-like feature or any way to be permanently disabled.

The only thing that could be done was to restore to an earlier point, but they started deleting restore points as well.

They'd use this to hold the computer ransom for payment, threatening never to give over the password until some high sum was forked over. Sometimes they even gave the wrong password when money was paid.

So glad this was removed in the Fall Creators Update.

A family friend's small business got hit by something similar, but the hacker had them put in a BIOS password or something like that [TBH, how the user fell for it is a bit beyond me]. I guess Geek Squad had some sort of USB key that can bypass...
 
Upvote
11 (12 / -1)

mogbert

Ars Legatus Legionis
10,150
Manually shutting down the entire browser risks losing any unsaved work contained in any open windows.

Unless you are in Google Docs or something, there isn't really much "unsaved work" that people have open in a browser. Just give Chrome the three finger salute, then blacklist the site that crashed you in your HOSTS file. Then go back to surfing.
 
Upvote
42 (47 / -5)

dodexahedron

Ars Praefectus
3,366
Subscriptor++
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

I'm fairly confident I've gotten that on Windows as well (although to be fair it was usually after running out of RAM instead of CPU headroom).

I know that message occurs on Windows but I'm not sure what the trigger condition is.

It's spending a certain amount of time at high CPU usage with no DOM change or being unavailable for user input.
I encounter it frequently during use of Kibana, if someone has logged particularly large objects.
Very repeatable.

Also, closing the browser has a pretty low (almost zero) chance of losing other open sites.
Just reopen closed window when you launch a new instance and you're set.
Just be sure to close the offending tab before it has a chance to loop itself into oblivion again.
 
Upvote
8 (8 / 0)

Gilandune

Smack-Fu Master, in training
62
I used to work in a Microsoft Store taking care of the crap that happens like this. I still remember the most evil thing these scammers would do.

At some point during the phone call they would set up a syskey password, which prevents Windows from booting and has no 'forgot password'-like feature or any way to be permanently disabled.

The only thing that could be done was to restore to an earlier point, but they started deleting restore points as well.

They'd use this to hold the computer ransom for payment, threatening never to give over the password until some high sum was forked over. Sometimes they even gave the wrong password when money was paid.

So glad this was removed in the Fall Creators Update.

A family friend's small business got hit by something similar, but the hacker had them put in a BIOS password or something like that [TBH, how the user fell for it is a bit beyond me]. I guess Geek Squad had some sort of USB key that can bypass...


How did that work? Did the hacker tell them the password over the phone?
 
Upvote
12 (12 / 0)
In a better world, domain registration services would not let random criminals register domain names containing trademarked names like .microsoft. and would flag suspicious ones like .windows. for human review.

They would still allow registering free-speech and complaint sites like micsofts-a-naughty-puffin.com where it was not easily mistaken for an official company site, while protecting a few users from microsoft.ransomware.scam
 
Upvote
-9 (8 / -17)

DrB

Wise, Aged Ars Veteran
130
I ran into something similar on Firefox a couple months ago. I ended up reporting it through the Firefox badware site submission process. It locked up Firefox (really only a tab) even with uMatrix and NoScript, so I had to block it based on domain and IP.

I think I came across it via Tumblr or Reddit, but not directly. I want to say it was linked through affiliate ads at some less savory file sharing sites.
 
Upvote
10 (10 / 0)

demonknightdk

Smack-Fu Master, in training
64
I used to work in a Microsoft Store taking care of the crap that happens like this. I still remember the most evil thing these scammers would do.

At some point during the phone call they would set up a syskey password, which prevents Windows from booting and has no 'forgot password'-like feature or any way to be permanently disabled.

The only thing that could be done was to restore to an earlier point, but they started deleting restore points as well.

They'd use this to hold the computer ransom for payment, threatening never to give over the password until some high sum was forked over. Sometimes they even gave the wrong password when money was paid.

So glad this was removed in the Fall Creators Update.

I ran into this; there was a way to get around it with a Linux boot disk and some other utilities. I've had to do it a couple times.
 
Upvote
6 (6 / 0)

Boskone

Ars Legatus Legionis
13,151
Subscriptor
I used to work in a Microsoft Store taking care of the crap that happens like this. I still remember the most evil thing these scammers would do.

At some point during the phone call they would set up a syskey password, which prevents Windows from booting and has no 'forgot password'-like feature or any way to be permanently disabled.

The only thing that could be done was to restore to an earlier point, but they started deleting restore points as well.

They'd use this to hold the computer ransom for payment, threatening never to give over the password until some high sum was forked over. Sometimes they even gave the wrong password when money was paid.

So glad this was removed in the Fall Creators Update.

A family friend's small business got hit by something similar, but the hacker had them put in a BIOS password or something like that [TBH, how the user fell for it is a bit beyond me]. I guess Geek Squad had some sort of USB key that can bypass...
Most desktops have a jumper you can use to bypass BIOS security. Laptops have either a master password the owner can get from the manufacturer, or (rarely these days, IME) a jumper or a couple contact patches to do the same thing as the PC's jumper.
 
Upvote
15 (15 / 0)
By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it's impossible to see what's happening.

Wouldn't enabling the "Ask where to save each file before downloading" option stop this on the first attempted download?

I'm also wondering if this affects other Blink-based browsers like Opera. My suspicion is yes.
 
Upvote
1 (1 / 0)

demonknightdk

Smack-Fu Master, in training
64
Is there some way to really stop pop ups? Clicking the box to stop hasn't worked in years.

The absolute worst website user experience is the screen going dark and the pop up arriving just when you were about to click on what you wanted.

I run uBlock Origin and Adblock Plus in Firefox and haven't had an issue.

I run Adblock Plus in Chrome with almost zero pop-ups. I use Firefox for about 90% of my browsing now.
 
Upvote
7 (7 / 0)
The most important thing to remember when encountering one of these windows is not to panic and to never call the phone numbers displayed in the warnings.

... unless you're bored and feel like wasting a scammer's time for the lulz.

What we need is an automated system which wastes their time without wasting yours.
 
Upvote
41 (41 / 0)

joequincy

Ars Scholae Palatinae
1,123
Subscriptor
Chrome doesn't do the "browser tab is unresponsive, do you want to close?" thing on Windows, just Mac? That's weird, as I know I've seen it on other browsers in Windows (doesn't happen often, so can't remember for sure if it was IE11, Edge, or Firefox).

Also, second the question as to whether this is Chrome exclusive. I generally run a mix of Firefox and Edge at home.
It does on Linux too, unless you're a developer that gets annoyed with it when you're trying to debug performance issues and manually turn it off...(yes, I fit in that category).
Normally, Chrome also does this on Windows... however it seems that the specifics of the attack allowed the researchers to cause Chrome on Windows to lock up in a way that prevents it from showing.

Still a pretty serious flaw, but not the "why the heck is this functionality only available on some platforms" oversight it appears to be at first glance.
 
Upvote
8 (8 / 0)

Carewolf

Ars Legatus Legionis
10,449
By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it's impossible to see what's happening.

Wouldn't enabling the "Ask where to save each file before downloading" option stop this on the first attempted download?
Yeah, I have never understood why any browser ever removed that dialog. That is such a giant waiting security bomb.
 
Upvote
16 (18 / -2)

Carewolf

Ars Legatus Legionis
10,449
The most important thing to remember when encountering one of these windows is not to panic and to never call the phone numbers displayed in the warnings.

... unless you're bored and feel like wasting a scammer's time for the lulz.

What we need is an automated system which wastes their time without wasting yours.
A white-hat robo-caller?
 
Upvote
17 (17 / 0)