'Browser crasher' links spread among Japanese Twitter users

The links lock up browsers on Windows, Android and iOS operating systems

Twitter users in Japan have been warning of a growing number of messages with embedded links that cause mobile and PC browsers to display taunting messages and freeze.

Many of the messages are sent by what appear to be dummy accounts with a message that asks users to visit a blog, using feminine speech and heart icons. But the destination link uses JavaScript to create an endless loop and displays a pop-up dialog that reads "this won't disappear no matter how many times you click" and a taunting face.

The URLs appear to cause no lasting damage to their target and pose no security risk.

Many on Twitter posted warnings through the weekend Monday in Japanese not to click on the blog invites. Older tweets included messages asking how to restart their frozen browsers.

In a blog posting Friday, Tokyo-based security firm Trend Micro said it had first identified the URLs, which it calls "browser crashers," in April of last year. But it said they had spiked in recent weeks, with the company identifying 300 cases from March 7 through March 19.

"From our analysis of the makeup of the browser crasher page, it appears to be a simple endless loop written in JavaScript, and not an illicit program or attack on another program's weak point," Trend Micro wrote.

The company referred to a Japanese case in 2011 where a user was arrested for making a popular chat site unusable using similar code. It said the current wave of URLs affect browsers in Windows, Android and iOS.

Trend Micro recommends that those who click on one of the links restart their browsers or mobile phones. Because some mobile browsers automatically reopen the last page visited, it may also be necessary for users to clear their caches or turn off JavaScript to escape the loop.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies