Monday, August 08, 2016

Tiny url link to "come-on" sensational news story leads to scareware; why don't Chrome and W10 block these on their own?


Today, I clicked on a Twitter tiny url about Stevens-Johnson syndrome (a catastrophic skin disease, rare, in some young children -- look it up in Wikipedia or on Mayo Clinic) leading to “Viralplanet”, which led to a series of frames for successive pages and pictures.

The site was not marked suspicious by Trend Micro, but generally sites that behave this way to serve more adware may be riskier. Suddenly, I was sent to “njyde.com” and got one of these browser (Chrome) hacks that locks up the browser, sounds a beeper, and locks the machine and demands you call an 800 number to pay ransom.

I simply hit the power button in Windows 10 to bring up Windows 10. Chrome came up clean. I ran the quick scan, and then the full scan (about 30 minutes) on Trend, and both came up clean. So this does not seem to load an executable, or constitute real “ransomware”.



This seems like a very transparent hack that not many people would fall for. It seems it is done out of desperation, from countries with bad economies and few jobs for programmers (Russia).

Security companies should investigate “njyde”, which may be a deliberate misspelling of a legitimate site.
 
But why can’t Google Chrome and Windows 10 just block this behavior? Why is opening a web page “dangerous”? Chrome's pop-up blocker blocks too much. Why is it hard for them to intercept malicious JavaScript?
