Support Scammers exploit HMTL5 bug that makes Chrome hang

Malwarebytes reports that a new tech support scam is exploited in the wild that targets all recent versions of the Google Chrome browser.

The scam exploits a bug in Chrome's implementation of the history.pushState() method that enables developers to push data "onto the session history stack". Back in 2014, use of the method caused browsers like Firefox, Chrome or Safari to crash.

The new attack uses loops to push loads and loads of data to the browser's history stack. This results in CPU and Memory usage going up to 100% immediately. Google Chrome stops responding -- hangs -- but does not crash or shut down.

The scammers display a warning message on the screen that tells you that your PC has been infected with a trojan, and that you should contact them using a phone number displayed on the page to regain control of the computer.

image (c) Malwarebytes

image (c) Malwarebytes

Microsoft.Inc Warning!System has been infected

Microsoft Identification-Malware infected website visited.Malicious data transferred to system from unauthorized access.System Registry files may be changed and can be used for unethical activites.

System has been infected by Virus Trojan.worm!055BCCAC9FEC — Personal information (Bank Details, Credit Cards and Account Password) may be stolen.System IP Address 112.15.16.175 is unmasked and can be accessed for virus spreading.Microsoft has reported to the connected ISP to implement new firewall.User should call immediatley to Technical Support 1-844-507-3556 for free system scan.

You call the scammers, and they try to get you to pay top Dollars to regain control of your system and get rid of the alleged trojan that is causing the issues.

The attack uses just a couple of lines of code. Malwarebytes makes no mention of other browsers being affected by the bug. It seems likely that other Chromium-based browsers are affected by the issue as well.

Malwarebytes reported the issue to Google. It seems likely that Google is going to block the offending page quickly. Whether Google will fix the bug itself that caused the issue is not clear yet.

The solution

end task chrome

Should you encounter the situation, all you need to do is the following:

  1. Use Ctrl-Shift-Esc to open the Windows Task Manager. If you are using a different operating system, open the task manager on it instead.
  2. Locate the chrome.exe process and kill it by right-clicking on it and selecting "end task".
  3. Pro Tip: You may locate the process that is causing the cpu and memory spikes easily by sorting the process listing by cpu or memory use. You may then end only that task and not all chrome tasks.

 

Summary
Article Name
Support Scammers exploit HMTL5 bug that makes Chrome hang
Description
Malwarebytes reports that a new tech support scam is exploited in the wild that targets all recent versions of the Google Chrome browser.
Author
Publisher
Ghacks Technology News
Logo
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Support Scammers exploit HMTL5 bug that makes Chrome hang

  1. vux777 November 3, 2016 at 6:48 pm #

    latest dev versions of Chrome (and Opera) have experimental flag to prevent this exploit
    user action (eg .click) is required to push something into tabs history list
    bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=638198
    src: https://disqus.com/home/discussion/operablogdesktop/private_opera_developer_42023920_update/#comment-2969632402

  2. Jim Jackson November 3, 2016 at 8:26 pm #

    Thanks Martin

  3. naveed November 3, 2016 at 9:53 pm #

    The severely misspelt text, poor formatting and grammar should be a dead giveaway. To kill all chrome processes in one go, open the Command Prompt and run:

    taskkill /im chrome.exe /f

  4. boris November 4, 2016 at 6:33 am #

    I get somewhat similar extortion scam on Firefox. Scam page comes as redirect from many porn websites. It crates two popups for each one I close. I have to kill Firefox process every time I get it. Big buzzkill.

  5. A41202813GMAIL November 5, 2016 at 12:35 pm #

    FLASH Is A POS, Right ?

    HTML5 Is The Best Thing After Sliced Bread, Right ?

    XPOCALYPSE FOREVER !

Leave a Reply