Firefox: No-exit browser scammers want you to call bogus support

The attack works on both Windows and Mac versions. Upset by a flood of continuous authentication-required prompts, a user might try to leave the warning page; not possible, or may try to close it; forget about it.

The Firefox bug fools users to think their computers have been hacked. Then victim users who believe this is all happening for real are tricked to call the bogus support line. It is as if Borat is talking which should possibly give people a hint this is all a dupe.

"Please stop and do not close the PC...The registry key of your computer is locked. Why did we block your computer? The Windows registry key is illegal. The Windows desktop is using pirated software. The Window desktop sends viruses over the Internet. This Windows desktop is hacked. We block this computer for your safety."

(A reader comment in Ars Technica: "There is a theory that all the bad grammar and spelling mistakes in many scams are deliberate too. Because it weeds out the skeptical. Scammers don't want to waste time with savvy, smart or skeptical people.")

Well, observers agreed that victims falling for the information as genuine fell into the category of victims of tech support scams through the years.

Another reader's comment, this time on ExtremeTech: "...this has been common practice for scammers for over three years...This is not just a Firefox issue. It's scammers taking advantage of advertisements. They load a specific javascript code into their hosted ad that people are unlucky enough to have loaded when they visit a webpage and thus, locked browser. This happens in all browsers."

Jonathan Lamont in offered advice. "The best thing to do in these circumstances is to remain calm and not react suddenly to what's happening...Typically, these scams want to frighten users into handing over valuable information or money." Dan Goodin in Ars Technica: "Whatever else people may do, they should never call the phone number displayed."

Ravie Lakshmanan in TNW: Terminate the browser process via the Windows Task Manager or use the Force Quit feature in macOS. It's possibly messy, however, for "if you've turned the restore tabs option on," said Lakshmanan, "you'll be stuck in a perpetual loop, with the only option being disconnecting from the internet before opening the browser again."

Forcibly closing Firefox and restarting it may be enough, provided the browser isn't set to reopen previously closed tabs, said JC Torres in SlashGear.

Back in April, though, Catalin Cimpanu in ZDNet reported Firefox was to add protection against the login prompt spam.

"Twelve years after it was first notified of the issue, Mozilla has finally shipped a fix this week that will prevent abusive websites -usually tech support scam sites- from flooding users with non-stop 'authentication required' login popups and prevent users from leaving or closing their browsers. The fix has been shipped in Firefox v68, the current Nightly release, and will hit the browser's stable branch sometimes in early July."

Goodin had more about this: "Earlier this year, Mozilla shipped a comprehensive fix for these types of attacks some 12 years after being reported. Chrome and other browsers have also been vulnerable to this variety of attacks. Segura said he's aware of a separate Firefox browser lock bug that remains unfixed two years after it was reported. Although it was actively exploited in the past, Segura said, he hasn't seen any recent attacks targeting the flaw."

Goodin was referring to Jérôme Segura at Malwarebytes.

"Jérôme Segura, head of Threat Intelligence at Malwarebytes, this week found that tech-support scammers have found a bypass for Mozilla's fix, allowing them to use the same tactics to con victims." said Cimpanu in ZDNet. Segura said this time the "browlock" was using a technique that was "new to me."

What's next? Mozilla is reportedly working on a fix.

Sergiu Gatlan in BleepingComputer explained what was going on this time around. How does the bug allow crooks to lock the browser? "This is done by spamming them [targets] with a large amount of authorization confirmation prompts because there is no rate limiting to prevent it and by stealing focus from the main page."

Gatlan recalled some techniques used in past blocks and tech support scams: "In December 2018, JavaScript was used by crooks to create an inescapable loop that would claim all CPU resources thus making it impossible for users to close the tab, the web browser, and even their computer without killing Chrome's process.

Website search

Recently updated

ZoneAlarm Anti-Ransomware ZoneAlarm Anti-Ransomware A security tool specifically designed to fight against ransomware attacks, preventing threats from reaching your computer and locking your files
ZoneAlarm Free Antivirus + Firewall ZoneAlarm Free Antivirus + Firewall The ultimate Internet Security solution that detects and blocks viruses, spyware, Trojan horses, worms, bots as well as rootkits
EG Anti Virus EG Anti Virus Antivirus application with password protection, multiple scan modes, quarantine, data security tools, encrypted notes, and file cleaner

Software News

Jan 24
The headlines on many tech-watching sites this week amounted to one big whaaat? An anti-tracking feature in Apple's Safari browser was actually exposing private browsing habits, according to researchers outside Apple. This ...
Jan 23
Tinder announced Thursday that US users would soon have a "panic button" to alert authorities to potentially dangerous situations as part of a stepped up safety initiative by the popular dating app.
Jan 23
Android is all up in the clouds, just where Canonical thought it could be, in working up its service called Anbox Cloud, announced earlier this week.
Jan 21
Three WordPress plugins have been picking up quite the glare of attention this month after researchers found serious vulnerabilities in them-and the numbers are sobering, in that these plugins have been installed on more ...
Jan 20
Teaching online video game players to save lives, not take them-that is the aim of a new product developed in an unusual collaboration between the creators of the wildly popular Fortnite games and the International Committee ...
Jan 17
Researchers from Dartmouth and the Massachusetts Institute of Technology (MIT) have developed an original approach to flight scheduling that, if implemented, could result in a significant increase in profits for airlines ...
Jan 15
The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could allow hackers to intercept seemingly secure communications.

About us

Welcome to new crack resource! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.