Back in February 2018 researchers from antivirus software company Malwarebytes reported on a rash of fake browser alerts that directed people to reach out to Microsoft tech support. These alerts contained generic information about various maladies users picked up while browsing (such as ‘a virus’ or ‘spyware’) and provided an error code and a phone number to call to solve the problem. While this type of scam is not new, this particular variant created a panic among end users by exploiting a vulnerability in Google Chrome (and other browsers like Firefox, Brave, and Vivaldi) to actually force a machine to lock up.
The flaw was repaired back in February but has since resurfaced with the release of Chrome version 67. According to a post on Google’s bug tracker, the download bomb exploit appears to be a currently active target. While Chrome had a brief respite from the vulnerability, Malwarebytes Lead Intelligence Analyst Jérôme Segura noted that Mozilla had not yet addressed the flaw. Microsoft Edge and Internet Explorer do not seem to be affected.
The attack vector is likely similar to that of other tech support scams: legitimate sites that have been hacked, or malicious advertisements placed on legitimate (but insecure) sites.
The “download bomb” is more effective than other types of tech support scams because it can freeze a computer, denying an end user the ability to close the affected tab or the browser window. The attackers accomplish this via the window.navigator.msSaveOrOpenBlob interface, which they exploit to force the browser to download and save a file to disk thousands of times over. The dramatic influx of data chews up almost all available resources, causing the machine to lock up. This could easily cause someone to panic and believe they’ve actually bricked the computer and have no other recourse but to call the provided number.
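To show why capping repeated saves defuses the flood described above, here is an added example (not code from Malwarebytes, Bleeping Computer or any browser vendor): a sliding-window limit wrapped around the save call named in the article. The names guardSaveApi, makeFakeNavigator and simulate, the limit of 3 calls per 10 seconds, and the stand-in navigator object are assumptions made for illustration.

```javascript
// Added illustration: throttle programmatic "save file" calls made by a page.
// guardSaveApi and its options are hypothetical names, not a browser API.
function guardSaveApi(nav, { maxCalls = 3, windowMs = 10000, now = Date.now } = {}) {
  const original = nav.msSaveOrOpenBlob;
  if (typeof original !== 'function') return null; // API absent: nothing to guard
  const stamps = [];                 // times of the calls allowed inside the window
  const stats = { allowed: 0, blocked: 0 };
  nav.msSaveOrOpenBlob = function (blob, name) {
    const t = now();
    // Drop timestamps that have aged out of the sliding window.
    while (stamps.length && t - stamps[0] >= windowMs) stamps.shift();
    if (stamps.length >= maxCalls) {
      stats.blocked += 1;            // refuse instead of writing another file
      return false;
    }
    stamps.push(t);
    stats.allowed += 1;
    return original.call(nav, blob, name);
  };
  return stats;
}

// Constructed stand-in for the browser object so the block runs under Node.
function makeFakeNavigator() {
  const saved = [];
  return { saved, msSaveOrOpenBlob(blob, name) { saved.push(name); return true; } };
}

// Replay `count` save requests, one every `stepMs` on a fake clock,
// and report how many actually reached the (fake) disk.
function simulate(count, stepMs) {
  let clock = 0;
  const nav = makeFakeNavigator();
  const stats = guardSaveApi(nav, { maxCalls: 3, windowMs: 10000, now: () => clock });
  for (let i = 0; i < count; i++) {
    nav.msSaveOrOpenBlob({}, `file-${i}.bin`);
    clock += stepMs;
  }
  return { written: nav.saved.length, ...stats };
}
```

With the limit in place, a burst of thousands of requests results in only a handful of writes, while saves spaced out at a normal pace are unaffected.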
Should you be confronted with this (or another) tech support scam, don’t panic, and definitely don’t call that number. It is possible to stop the download bomb if you react fast enough. According to Bleeping Computer, the exploit code only triggers after the fake tech support page fully loads, giving you a couple of seconds to close the page and cancel the downloads. If you’re not fast enough, you can always open the Windows Task Manager (Ctrl+Alt+Delete) and end the process that way (or through the Force Quit option in the Apple menu if you’re a macOS user).
It’s good to keep in mind that Microsoft and other operating system developers do not provide direct tech support to end users and will never reach out to someone to let them know they have a malware infection. Any attempt at direct communication about the state of your computer is almost definitely a scam. If you’re still not convinced, reaching out to IT support is always a good plan.