New frontend based attack mimic blue screen in a very effective way

Ran Bar-Zik
Aug 20, 2018 · 2 min read

I think that the lowest level of attack is the front end scam attacks. It means attacks that use CSS, JS, and other front-end manipulations techniques to convince users to do some harmful operations. For example, some popups that alert the users on “spyware” or some badly designed error messages. but a new combined technique takes the front end attack to a completely new level.

Image for post
Image for post

It all began with a friend of mine that entered into some file conversion service and clicked on one of the ads. The ad opened an attack site that mimicked completely blue screen along with a voice-over that repeatedly says: “Your computer has been breached”.

The graphic itself is very basic but look on the mimicked tab that shows false “Microsoft” support URL. It is only an image, but the stressed-out user can easily skip it.

Image for post
Image for post

The JavaScript part is really interesting. By using combined event handling, it blocks completely the dialog closure, clicking on the ‘X’ Button or the close button on the tab or scrolling down to the taskbar.

The whole point of the attack is to convince the victim to call the “support number” In this case 1–877–639–7858, we all know what will happen if someone will call this number, right? hint hint: No

How can it be done? Just by JavaScript event handling and a little bit of CSS. The JavaScript was scrambled on the client side but it was easy to “decipher”. come, one client-side scammer, you can do better. The complete code can be found on this pastebin.

https://www.youtube.com/watch?v=Lvz4sMPxX3U

How to avoid it? well, simple Alt+F4 (on Windows) will solve this issue for you. Beware and warn your loved ones.

Image for post
Image for post

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch

Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore

Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store