We see it all the time, we receive a popup box on our browser and we’re told that we’ve won a million dollars or a free trip to France or our new Russian bride is waiting for us at the airport. Our first instinct is to just click “no thanks” or “cancel” and go about our day. Nothing may noticeably happen when we do so but receiving such popups should raise alarm bells no matter what.
Whether we click yes or no to such a popup box, there is no way for us to verify whether the person that created the website had intentions to let us be if we say no thanks. Infact those popup boxes are written in the Javascript programming language and the language itself leaves it open to the developer to write whatever code they want for not only the “ok” button, but also the “cancel” button as well.
The following is how code could be written (this isn’t readable code but human readable pseudo-code) to execute such a popup box:
- answerYesOrNo = runMyPopupBox;
- if(answerYesOrNo is “true”)
- doMaliciousAction
- else
- stillDoMaliciousAction
What is happening here is that runMyPopupBox is the command for loading a popup on the screen with the message “Congrats, you won a million dollars, claim your prize”. You might be given the option buttons “ok” and “cancel”. If you click on “ok” then the code “doMaliciousAction” will execute which could be to download a virus in the background.
But if you click “cancel” then the action “stillDoMalicousAction” would be executed which could still download a virus in the background. Either way a virus would be downloaded in the background.
Worse yet, what if you received a popup that only had 1 button? That is still allowed in Javascript and no matter what you’re going to get that virus. How can you defend yourself against that?
Well your best and safest action is to not reply to that popup box. But how can you avoid this box alltogether? Well it will involve closing the browser. You could try closing it with the corner X button but that may not work or the browser may not allow you to. But there is still a way.
In Windows, you could still try and right click on the browser icon in your taskbar at the bottom of the screen and choose “close window” but your best bet is to go to the task manager
