Scammers create an infinite loop out of shady subdomains

Feb 16, 2016 22:16 GMT  ·  By
Tech support scammers find a way to avoid browser popup limitations

The operators of a tech support scam website have resorted to a novel trick to keep victims on their site, hoping to pressure them into calling a tech support hotline number and buying over-priced support services.

Their trick revolves around redirecting users who want to leave the site to a subdomain, which then redirects them to another subdomain, and so on, until the user grows tired and starts thinking he's really facing a technical error.

But why are tech support scammers using this trick? The reason is that browser vendors like Mozilla and Google caught on to their tricks a long time ago and now allow users to block repetitive popups originating from the same domain.

So when a user wants to close the browser tab, the tech support scammer shows that annoying popup asking users if they want to leave, and actually allows them to close the tab and navigate away, but only to one of the original site's subdomains (like abc.domain.com).

This way, the tech support scammers will avoid built-in browser protection features that restrict popups, by always reloading their site from another subdomain.
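The hopping pattern described above leaves a recognizable trace in proxy or browser navigation logs: one client loading many distinct subdomains of the same parent domain within seconds. The following detection sketch is an added example, not code from Malwarebytes or the original article; the event format, the thresholds, the `.example` hostnames and the naive two-label parent-domain rule are all assumptions.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit

WINDOW_SECONDS = 60   # assumed look-back window
MIN_SUBDOMAINS = 4    # assumed number of distinct hosts that counts as a loop

def parent_domain(host):
    """Naive parent domain: the last two labels (assumption; production
    code should consult the Public Suffix List instead)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def find_subdomain_loops(events, window=WINDOW_SECONDS, min_hosts=MIN_SUBDOMAINS):
    """events: iterable of (epoch_seconds, client_id, url), sorted by time.
    Returns sorted (client_id, parent_domain) pairs where the client loaded
    at least min_hosts distinct hosts under one parent within `window` seconds."""
    recent = defaultdict(deque)  # (client, parent) -> deque of (ts, host)
    flagged = set()
    for ts, client, url in events:
        host = urlsplit(url).hostname
        if not host:
            continue  # skip malformed or non-network URLs
        key = (client, parent_domain(host))
        q = recent[key]
        q.append((ts, host))
        while q and ts - q[0][0] > window:  # expire visits outside the window
            q.popleft()
        if len({h for _, h in q}) >= min_hosts:
            flagged.add(key)
    return sorted(flagged)

# Constructed sample navigation log (not real data).
SAMPLE_EVENTS = [
    (1000, "pc-17", "http://domain.example/alert.html"),
    (1003, "pc-17", "http://abc.domain.example/alert.html"),
    (1006, "pc-17", "http://def.domain.example/alert.html"),
    (1009, "pc-17", "http://ghi.domain.example/alert.html"),
    (1010, "pc-22", "https://www.shop.example/cart"),
    (1015, "pc-22", "https://img.shop.example/a.png"),
    (1400, "pc-22", "https://pay.shop.example/checkout"),
    (1405, "pc-22", "https://cdn.shop.example/app.js"),
]

if __name__ == "__main__":
    for client, domain in find_subdomain_loops(SAMPLE_EVENTS):
        print(f"{client}: rapid subdomain hopping under {domain}")
```

The second client also touches four subdomains of one site, but spread over several minutes, so it stays below the threshold; tuning the window and host count against normal CDN-heavy browsing is what keeps false positives down.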

You'll probably need to use the Windows Task Manager to close the browser

The trick is diabolical, but there's a way around it. Just close the browser, reinstall it, and start anew. If you have a hard time closing the browser, just use Windows' Task Manager feature and shut down the browser's process.

Malwarebytes, the company that detected this new tech support scam variation, says they've contacted the ISP on which the domain was hosted, and had it taken down.

Knowing how quickly this kind of trick spreads among cyber-crooks, there will probably be an invasion of tech support scam websites using this technique in the near future.
