Close blocked exit web page



Introduction

The other day I was looking for some old software and accidentally fell into the trap of clicking on a malware web site. The web site proceeded to download a file (which I cancelled) then redirected the browser to a fake National Security Agency (NSA) site.

This was a malware, or rather a ransomware site, at enforcement-dymcxcci-engine.in/law_enforcement/ that said I was in danger of being prosecuted for downloading an illegal file, that my browser was now locked, and that my computer files were now being encrypted. The page also said to avoid any further action I could send the site authors $300 via Moneypak. All of which are, of course, a load of crap.

NSA ransomware fake web page

Trying to move away from the page brought up a pop-up that prevented me from doing so.

NSA ransomware fake web page

These pop-ups do have a useful purpose. For example, if a form has not been completed or filled in correctly then a pop-up of this sort can ask if the user is really sure that they want to navigate away from the page. Facebook uses it when a post has not yet been completed

Facebook navigation warning

Execution

These pop-ups are nearly always written in the standard web browser programming language, JavaScript. Almost any event can cause the script to be run, any mouse movement, for example, but it is becoming increasingly common for authors to use onbeforeunload.

This form of ransomware is not a virus attack, but there some that are. No files, in this form anyway, are downloaded to your computer. Unfortunately in IE and Chrome it will stop any further navigation in any other tab until the JavaScript is dealt with. In Firefox the dialog box is modal to the tab not the entire browser so, unless the script is more sophisticated the other tabs can be used with no problems.

Having said that, it's always worthwhile running further checks on your computer rather than your virus checker. I particularly like Malwarebytes but there are others around such as those recommended by Lifehacker and Gizmo.

Closing the Tab

Some people do not allow JavaScript to run on any web site they visit and there are plenty of tools and add-ons to do this. Personally I think at least some of these people are doing them a disservice because many sites rely on JavaScript to deliver a richer user experience.

What needs to happen is for that JavaScript dialog box to close before you can close the tab. Pressing the "Esc" key sometimes works, as does clicking on the "x" in the dialog box, otherwise you'll have to click on whatever buttons the dialog box provides.

The trick is to be fast. You have to close that tab before the dialog box reloads.

Press "Ctrl" and "W". This closes just the open browser tab.

Or,

Press the "Alt" and "F4" keys to complete close the browser.

Or,

In Chrome, press "Shift" and "Esc" to bring up the Chrome Task Manager and close the page from there.

Or,

Press the "Ctrl", "Shift" and "Esc" keys to open Windows Task Manager and close the browser from that.

Reporting Malware and Phishing

There is no national or international body to report sites that should be banned. Reporting sites can get them removed from the major search engines and also, sometimes prosecuted.

Google - https://www.google.com/safebrowsing/report_badware/. Report the site to Google.
Internet Crime Complaint Center - http://www.ic3.gov/default.aspx. Reports the site to the FBI.
US CERT - https://www.us-cert.gov/report-phishing/. Reports phishing sites.
Microsoft - http://www.7tutorials.com/how-report-malicious-websites-internet-explorer. You are able to report malicious web sites from Internet Explorer. This site explains how.
Netcraft - http://toolbar.netcraft.com/report_url. Reports phishing sites.

If the site is a subdomain of a legitimate hosting company then you can go to the company's home page and usually contact the host from there.

Further Reading

Anvisoft - Describes how to get rid of this, if it is a virus attack.
PCRisk - Describes how to disable JavaScript and also shows the various versions of the ransomware sites that are around.

This page created 5th October 2014, last modified 5th October 2014