    Archive for March 26th, 2013

    We’ve spotted an uptick in a particular type of threat hitting Twitter users in Japan. We call this threat the “browser crasher” after what it does: it causes the browser to “hang/crash”. To do this, the user has to be lured into visiting a particular site that hosts the JavaScript code. So long as the browser tries to open that site, the user will be unable to browse websites normally.

    How is this attack conducted? In this particular case, users were lured to the site using various Twitter messages. The messages of the tweets varied: some said the site was interesting, while others explicitly warned users not to click on it.

    Twitter posts leading to “browser crasher” page

    Whatever the case, once users ended up on the site they would get the following popup on any JavaScript-enabled browser (which is to say, just about any browser on any operating system), like this iPhone:

    Pop-up on iPhone

    The message in Japanese tells users that they will not be able to get off the page, no matter what they do. Clicking the OK button will not be enough to get rid of the pop-up, as a new one will appear with exactly the same message. This pop-up will keep bothering the user and stop them from using the browser until they are able to get off the offending page.

    What the JavaScript does is actually quite simple. The JavaScript within the site contains the code to create a pop-up, as seen above. However, this code is placed inside an infinite loop – as soon as the user closes one alert, the code triggers again and opens another pop-up in a never-ending cycle that continues as long as the site is open.
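As an added example (not from the original post and not Trend Micro's detection logic), the sketch below is a heuristic static check for the pattern just described: a modal dialog call inside a loop that has no exit. The function names and sample scripts are constructed for illustration, and the check assumes plain, unobfuscated source (strings and comments are not parsed, and `do ... while` loops are not covered).

```javascript
// Added example: heuristic static check, not Trend Micro's detection logic.
// Flags alert/confirm/prompt inside a loop whose header can never end it.
const MODAL = /\b(?:window\.)?(alert|confirm|prompt)\s*\(/;
const LOOP = /\b(?:while\s*\(\s*(?:true|1|!0)\s*\)|for\s*\(\s*;\s*;\s*\))/g;

// Return the loop body starting at `start`: a brace-matched block, or a
// single statement up to the next semicolon. Strings/comments are not parsed.
function loopBody(src, start) {
  let i = start;
  while (i < src.length && /\s/.test(src[i])) i++;
  if (src[i] !== "{") {
    const end = src.indexOf(";", i);
    return src.slice(i, end === -1 ? src.length : end + 1);
  }
  let depth = 0;
  for (let j = i; j < src.length; j++) {
    if (src[j] === "{") depth++;
    else if (src[j] === "}" && --depth === 0) return src.slice(i, j + 1);
  }
  return src.slice(i); // unbalanced braces: treat the rest as the body
}

// Report each unbounded loop that opens a modal dialog and has no exit
// statement (break/return/throw) anywhere in its body.
function findModalLoops(src) {
  const hits = [];
  for (const m of src.matchAll(LOOP)) {
    const body = loopBody(src, m.index + m[0].length);
    const call = MODAL.exec(body);
    if (call && !/\b(?:break|return|throw)\b/.test(body)) {
      hits.push({ loop: m[0], call: call[1], offset: m.index });
    }
  }
  return hits;
}

// Constructed sample scripts (strings only; nothing here is executed).
const SAMPLES = {
  crasher: 'while (true) { alert("constructed sample message"); }',
  forever: 'for(;;) window.alert("constructed");',
  bounded: 'while (true) { if (confirm("Quit?")) break; }',
  benign: 'for (let i = 0; i < 3; i++) { alert(i); }',
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, findModalLoops(src));
}
```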


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice