New frontend based attack mimic blue screen in a very effective way

Ran Bar-Zik
Aug 20, 2018 · 2 min read

I think that the lowest level of attack is the front end scam attacks. It means attacks that use CSS, JS, and other front-end manipulations techniques to convince users to do some harmful operations. For example, some popups that alert the users on “spyware” or some badly designed error messages. but a new combined technique takes the front end attack to a completely new level.

It all began with a friend of mine that entered into some file conversion service and clicked on one of the ads. The ad opened an attack site that mimicked completely blue screen along with a voice-over that repeatedly says: “Your computer has been breached”.

The graphic itself is very basic but look on the mimicked tab that shows false “Microsoft” support URL. It is only an image, but the stressed-out user can easily skip it.

The JavaScript part is really interesting. By using combined event handling, it blocks completely the dialog closure, clicking on the ‘X’ Button or the close button on the tab or scrolling down to the taskbar.

The whole point of the attack is to convince the victim to call the “support number” In this case 1–877–639–7858, we all know what will happen if someone will call this number, right? hint hint: No

How can it be done? Just by JavaScript event handling and a little bit of CSS. The JavaScript was scrambled on the client side but it was easy to “decipher”. come, one client-side scammer, you can do better. The complete code can be found on this pastebin.

https://www.youtube.com/watch?v=Lvz4sMPxX3U

How to avoid it? well, simple Alt+F4 (on Windows) will solve this issue for you. Beware and warn your loved ones.

Ran Bar-Zik

Written by

Full stack MEAN\LAMP software developer. Marathoner. Book Lover. Married + 4. Born in 1977. Opinions are my own. [Mostly Hebrew]