0

I was recently on yts.pe a torrent distribution site. When I clicked on a torrent, there was a pop up, which Chrome totally didn't block, even though it is set to block all pop-ups.

Here are the details of the site:

suspect malware site

I don't believe any files were downloaded, except a certain chrome plugin. But, it does not show up in my plug-in list, a malware bytes scan reports everything as clean.

What happened was as follows: Link opens in another window. Chrome goes crazy. Other applications unaffected. Just Chrome. The browser acted possessed. Which causes me to suspect a remote take over.

No Viruses have been picked up by Avast.

A full OS re-install and re-fresh is in order right now, Does anyone have any advice?

EDIT: To clarify why this question is not a duplicate, The question is regarding this particular site and the way chrome has acted. This is not a question regarding removing the malware. The question is what is this malware? What does it do? What did I just experience?

Edit2: My cursor was taken over in addition to the browser misbehaving.

  • Sir, I beg your pardon, but this question is regarding that specific site and the way chrome acted. I am well aware of how to deal with an infected computer and clean things up. This advice that I am asking for is regarding that particular site. – NightHowler Jul 08 '17 at 09:39
  • 1. Browsers sometimes fail at blocking pop-ups, pop-unders. It's a constant cat and mouse game, I have sites serving pop-unders that my Firefox can't prevent (even 'reputable' ones like LonelyPlanet). 2. Your Chrome installation may very well have gone into some weird loop *in an attempt to block the popup* - in which case there's nothing really suspicious going on. –  Jul 08 '17 at 10:09
  • @JanDoggen Thank you for your comment. The popups showed on their own. Chrome did almost nothing to stop them. My cursor was also taken over. Which in the case of a browser going nuts wouldn't have been the case. I shall add that to my description at once. – NightHowler Jul 08 '17 at 10:15

1 Answers1

1

There is a setting in Chrome to block popups but this does not mean that all popups are blocked. There is actually a valid use for popups for example to notify users that they have entered invalid information or similar. Disabling all popups would thus render some innocent sites unusable. That's why browsers employ heuristics to decide when a popup gets shown and when it gets blocked. A common part of such heuristics is that popups as a result of user interaction are allowed, i.e. if the user entered some information or clicked a checkbox or similar.

In your case the popup was shown after you've clicked on the torrent, i.e. after you've explicitly interacted with the site. Therefore the popup was probably considered valid by the heuristics and shown.

But it might also be that it wasn't actually a real popup at all what you saw. There are various ways to render information which might look like a popup but are not. For example one could create a HTML div section with a negative z-index and an absolute position which will thus overlay the existing site and look like a popup. See here for an example.

Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434