Those pop-ups that slow down PCs and tell you to call “Microsoft” at a sketchy 1-800 number are back, thanks to an newly exploited browser bug.
Chrome and Firefox users are both reportedly vulnerable to the attack, which disguises itself as a legitimate error message. The bug exploited here was thought to be patched, but scammers seem to have found an new way to trigger the bug.
Dan Goodin, writing for Ars Technica, outlines how it works:
The scam technique, which came to light in February, works by abusing the programming interface known as the window.navigator.msSaveOrOpenBlob. By combining the API with other functions, the scammers force the browser to save a file to disk, over and over, at intervals so fast it’s impossible for normal users to see what’s happening. Within five to 10 seconds, the browser becomes completely unresponsive.
So your computer is completely crashed, and there’s a phone number on the screen that promises to fix it. If you’re the sort of person who reads articles like this you probably know not to call the number, but a decent percentage of people don’t.
Which is why you should tell your friends and family to never call tech support numbers that randomly pop up on your screen. You could even tell them to call you instead, if you’re feeling generous.
Google and Mozilla are both working on patches for this bug, after which the cat and mouse game will probably continue. Arm the people you know with knowledge.
Screenshot courtesy Malwarebytes