Browser hanging? Don’t call that support number! It’s a scam!

Tech support scammers leverage annoying browser bug to trick users into calling.

David Bisson


As we all know, tech support scammers like to use a variety of techniques to fool their victims into calling them up.

Some impersonate a target’s Internet Service Provider, while others warn a user’s hard drive will have its contents deleted unless they call straight away.

Clever, but not fool-proof.


Thanks to the help of public security awareness campaigns, users are getting wise to these scare tactics. As a result, many scammers aren’t placing as great an emphasis on scaring their victims. Instead they’re concentrating on denying them access to certain functions of their computer.

That’s what’s going on in this new scam.

The ruse makes use of a vulnerability that consumes 50 percent of a machine’s CPU, ramps up the RAM to 7 Mb/s, and, most importantly, causes the browser to hang but not crash.

All it takes to exploit the bug is a simple but excruciatingly long for loop built in JavaScript.

Bug code

The flaw works by abusing history.pushState() in HTML5, a method which pushes data onto the session history stack with a title and URL (if provided).

Combine that with a fake Microsoft security warning screen, and you’ve got yourself a scam that just won’t go away.


Microsoft.Inc Warning!System has been infected

Microsoft Identification-malware infected website visited.Malicious data transferred to system from unauthorized access.System Registry files may be changed and can be used for unethical activities.

System has been infected by Virus Trojan.worm!055BCCAC9FEC – Personal information (Bank Details, Credit Cards and Account Password) may be stolen.System IP address is unmasked and can be accessed for virus spreading.Microsoft has reported to the connected ISP to implement new firewall.Users should call immediately to Technical Support 1-844-507-3556 for free system scan.

Think you can terminate the process using Task Manager? You might be able to…or not.

Jérôme Segura of Malwarebytes explains:

“Depending on your computer’s specifications you may or may not be able to launch Task Manager to kill the browser process. Otherwise your system will be brought to its knees and a hard reboot may be the only option left. Whatever you do, please do not call the phone number for support because it is not Microsoft’s but rather a group of scammers waiting to rob you of hundreds of dollars under false pretenses.”

Malwarebytes has contacted the Google Safe Browsing team about the bug. It might date back to 2014, but if attackers are exploiting it to trick unsuspecting users, it’s important to issue some sort of fix as soon as possible.

In the meantime, users can protect themselves against this scam by avoiding clicking on suspicious links, including those that might be shortened. If they come into contact with the scam, they can try to disable the browser process using the Task Manager. If that proves fruitless, they should reboot their computer.
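The history.pushState() abuse described above only works if a page may call the method without limit, so one mitigation is to give each page a call budget. The sketch below is an added example, not code from this article or from Malwarebytes; `guardPushState`, the budget of 100 calls per 30 seconds, and the stub history object are assumptions chosen for illustration.

```javascript
// Added example: rate-limit pushState() on a History-like object.
// guardPushState and its option names are hypothetical, not a browser API.
function guardPushState(historyObj, { maxCalls = 100, windowMs = 30000, now = Date.now } = {}) {
  const original = historyObj.pushState;
  const stats = { allowed: 0, blocked: 0 };
  let windowStart = now();
  let used = 0;

  historyObj.pushState = function (state, title, url) {
    const t = now();
    if (t - windowStart >= windowMs) {
      // A new time window has started: reset the budget.
      windowStart = t;
      used = 0;
    }
    if (used >= maxCalls) {
      // Budget exhausted: drop the call instead of growing session history.
      stats.blocked++;
      return undefined;
    }
    used++;
    stats.allowed++;
    return original.call(this, state, title, url);
  };

  // restore() puts the unguarded method back.
  return { stats, restore() { historyObj.pushState = original; } };
}

// Constructed stand-in for window.history so the example runs outside a browser.
function makeStubHistory() {
  const entries = [];
  return { entries, pushState(state, title, url) { entries.push({ state, title, url }); } };
}

// Constructed scenario: a page fires 5000 calls at once, then one call 30 s later.
function demo() {
  let clock = 0; // fake clock in milliseconds
  const h = makeStubHistory();
  const guard = guardPushState(h, { maxCalls: 100, windowMs: 30000, now: () => clock });
  for (let i = 0; i < 5000; i++) h.pushState({ i }, "", "#" + i);
  const firstWindow = h.entries.length;
  clock = 30000;
  h.pushState({}, "", "#later");
  return { firstWindow, total: h.entries.length, blocked: guard.stats.blocked };
}
```

In a browser the same wrapper would be applied to `window.history` before any page script runs, for example from an extension content script.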

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

4 comments on “Browser hanging? Don’t call that support number! It’s a scam!”

  1. Bruce

    Which browsers? (Not IE/Edge, right?)

  2. JungleMartin

    What does "ramps up the RAM to 7 Mb/s" mean?

    1. l_Digi_Dude_l · in reply to JungleMartin

      It most likely is talking about the data transfer speed. It's sending and receiving 7 Mb/s of data consistently and non-stop. Though I think they meant to say 7 MB/s and that would come out to be 56 Mb/s. Either way that doesn't seem to be much, but that may be divided up per process and could be running multiple processes.

      1. nelsoncbuttner000 · in reply to l_Digi_Dude_l
