How is this attack conducted? In this particular case, users were lured to the site through various Twitter messages. The wording of the tweets varied: some said the site was interesting, while others explicitly warned users not to click on it.
[Figure: Twitter posts leading to “browser crasher” page]

[Figure: Pop-up on iPhone]
The message in Japanese tells users that they will not be able to get off the page, no matter what they do. Clicking the OK button will not be enough to get rid of the pop-up, as a new one will appear with exactly the same message. This pop-up will keep bothering the user and stop them from using the browser until they are able to get off the offending page.
We showed this in a mobile browser because a majority of Twitter users – 60 percent in the US, and 80 percent in the UK – access Twitter via mobile devices, so it is quite likely that they would go to this site on a mobile device. This script does not download any malware onto the device; all it does is produce these pop-ups.
If you have ended up on this site, you can stop these alerts by closing the window or tab where this site was opened. For desktop browsers, this is not too difficult. Because many mobile browsers reopen any pages the user had open the last time they used the browser, this may be more difficult on those devices. One way to get around this is to turn on airplane mode, restart the phone, open the browser, and close the tab in question.
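A client-side guard against this kind of dialog loop, shown as an added example that is not part of the original analysis or taken from the page in question: it caps how many `alert`/`confirm`/`prompt` dialogs a page may show in a time window and silently suppresses the rest. `installDialogGuard` and its options are hypothetical names, and the thresholds are assumed values.

```javascript
// Added example (hypothetical helper, not a browser API): once a page shows
// more than `maxDialogs` modal dialogs within `windowMs`, every later dialog
// is suppressed for the rest of the page's lifetime.
function installDialogGuard(win, opts = {}) {
  const { maxDialogs = 3, windowMs = 10000, now = Date.now } = opts;
  const original = { alert: win.alert, confirm: win.confirm, prompt: win.prompt };
  // What a suppressed call returns: the same value as a dismissed dialog.
  const fallback = { alert: undefined, confirm: false, prompt: null };
  const recent = []; // timestamps of dialogs actually shown
  const stats = { shown: 0, suppressed: 0, tripped: false };

  function allow() {
    if (stats.tripped) return false;
    const t = now();
    // Forget dialogs that are older than the sliding window.
    while (recent.length && t - recent[0] > windowMs) recent.shift();
    if (recent.length >= maxDialogs) {
      stats.tripped = true; // looks like a loop: stop showing dialogs
      return false;
    }
    recent.push(t);
    return true;
  }

  for (const name of Object.keys(original)) {
    win[name] = function (...args) {
      if (!allow()) {
        stats.suppressed += 1;
        return fallback[name];
      }
      stats.shown += 1;
      return original[name].apply(win, args);
    };
  }

  return {
    stats,
    restore() { Object.assign(win, original); }, // put the native dialogs back
  };
}
```

The guard only helps if it is installed before the page's own scripts run, for example from a user script injected at document start.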
This URL was first seen last year, but we only saw tweets leading to it earlier this month, with hundreds of tweets linking to it as of last week. There was nothing in this attack save for its social engineering that limited its scope to Japanese users – it would not have been difficult to create bait that would work as well for users elsewhere. It may not have used up anything other than the patience of users, but it’s still a useful reminder that many links in social media – even “interesting” or viral ones – can be potentially risky.
With additional analysis from Threats Analyst Yoshikawa Takashi.