You are an Idiot! (dot cc)
The official HTML5 port of the legendary infamous YouAreAnIdiot JS Trojan. As the de-facto owner of «You are an Idiot» for more than 3 years, I decided to assemble a little write-up. I will update it with latest news and developments, as we progress. Last updated: 14th of October 2024 (2024/10/14)
False positive — an attack on Internet history
On October 6th of 2024 (2024/10/06) the domain name was withheld by the registrar without any notice. A good samaritan on Twitter brought it to my attention, and I immediately contacted the registrar to resolve the issue. Apparently, the domain name was suspended due to the false abuse report spam, which claimed phishing activities on the lol.html page.
Figuring out the mental gymnastics required to take down a page consisting of entirely of flashing shapes and free of any POST requests for phishing are left as an exercise to the reader. The registrar was kind enough to reach out and swiftly restore the domain name, and I am grateful for that — they have an actual human support team there...
Oh right, all abuse requests are being processed by AI. It doesn't matter what you host — if a malicious actor targets you, the only barrier they have to pass is the AI algorithm, and it's ridiculously easy to fool. The AI revolution significantly degraded the Internet quality, and the support field especially suffered from this.
As a result, what we have now is forced presumption of guilt on social media, and what's even worse — the same trend surfaces on hosting providers and domain registrars. The global segmentation of the Internet is unavoidable and happening right now. Both state-enforced and internal (local to a service or social media) censorship will only grow stronger, and the Internet will entirely lose its charm, as real human users get replaced with AI bots and malicious botnets keep attacking inconvenient resources.
Expect your favorite resources to be moved to a darknet or a private network, as the surface net becomes a place of constant war. 😉
At the time of writing this, the NS-provider still displays a false phishing scare.
What happened to youareanidiot.org?
Ever since 2019, there has been a smoke of uncertainty around the youdontknowwhoiam.org successor, youareanidiot.org. Somewhere in the beginning of that year, the website just stopped working out of the blue, and if I recall correctly, it never came back.
It wasn't the lack of interest that ended the youareanidiot.org website. In fact, the domain is still likely owned in tandem by ADR/Jazzy - the most recent domain payment invoice dates 12th of July, 2023 (2023/07/12), that's considering it's an .ORG TLD and you can freely add multiple years to it in one batch (there are certain complications with .CH / .LI / .FR and a few other TLDs where you have to renew them annually in a 16-day grace period, 2 weeks prior to expiration).
That implies they're still active and pay for the domain, albeit once per year. Seemingly, they parked the domain and forgot to point it back to the host with the safe version deployed. In fact, you can probably mail them at [email protected], if they do accept and check mails. The SPF record does seem to be misconfigured though. I doubt that's a parking stub, though it might be.
Modern browser policies would have killed the malicious bit in the original website anyway, so modern solutions were necessary to keep the legacy of this website afloat. I believe I've been at least somewhat successful in restoring that archaic piece.
Maintaining difficulties
I'm considering another possibility of the original website shutdown, and I believe it deserves a separate paragraph. Maintaining difficulties.
No, I'm not talking about the service costs and lack of support from the community. I'm talking about direct sabotage from the so-called «Antivirus Trust Contributors», and a decent chunk of the community is a part of that disgusting flock. While they're doing an alright job detecting some malicious websites and grading them accordingly, their job is not helping with maintaining a mirror of a funny JavaScript trojan that's already been crippled by the modern browser policies and reviewed everywhere.
Here's the current VirusTotal rating for the host of youareanidiot.cc, as well as the rating for the domain name. As you can see, youareanidiot.cc has a horrible reputation on VirusTotal due to the contributors reporting it left and right. As a result, back in February, 2023 I had to settle a bunch of real abuse reports, while temporarily shutting down the mirror to avoid legal consequences.
ADR and Jazzy's youareanidiot.org, unfortunately, met the same fate, and despite being a safe mirror, it got TENFOLD the amount of negative reviews. The domain is also rated overwhelmingly negatively.
A quite possible reason for the sunset of youareanidiot.org could be constant negative VT (– VirusTotal) reports, which resulted in a real investigation from the host (some hosts do care about their server reputation), which then followed by termination of the original maintainers' accounts. All because of our web justice warriors called «Antivirus Trust Contributors». Everybody must be very thankful for such a (dis)service.
As for youareanidiot.cc, I haven't had to deal with any abuse reports ever since I explained everything in detail to my hoster and registrar. I also have a large community and a following that helped me clean the reputation of my host, which ADR and Jazzy didn't have, instead they only had enemies for hosting a SAFE mirror.
As for VirusTotal, once my lovely malware-preserving community kicked in to save the day, there have been absolutely baffling comments on VirusTotal, for example:
Also known as Trojan.JS.Offiz.That's uncalled for. What am I supposed to do if I'm getting spammed actual abuse and legal reports due to your unhealthy VirusTotal reporting obsession? Do you wholeheartedly believe reporting the domain/host on VirusTotal is not going to yield any real world consequences?
Creator instructed their fan base to spam vote it as safe…
Now sir, you might be reporting the project on purpose, but what are you fighting against? Internet history? There's phishing all across the Internet and there are even more direct undetected trojans plaguing our web, a beautiful place. Are you seriously going to sell your dignity for hate and/or VirusTotal good boy points?
Changelog
I had been planning to remake the original website for quite a bit, after 6 consecutive months of downtime I've seen on youareanidiot.org in 2019. The domain was first acquired on 29th of May, 2020 (2020/05/29). Henceforth, there have been some groundbreaking changes.
v1.0 2020/06
- Tweaked the malicious you.jsscript to comply with modern browser standards;
- Might have made the pop-ups way too obnoxious in attempts to replicate original behavior... 🙁 onmouseouthas extremely high entropy and the malicious script is probably far worse than it has ever been. Still kept it;
- Flash Player is steadily going away, just a few months before its EOL - replaced the SWF animation with a 1080p video.
v1.1 2021/10
- Light malicious script tweaks & modifications to comply with new, stricter browser policies;
- JavaScript code cleanup.
v1.2 2023/08
- Upgraded the pop-up algorithm to be far more consistent and predictable. onmouseoutwas horrendous in hindsight, replaced withonclickandonkeydown, and a few other event listeners. The website isn't as malicious anymore, but much more controllable - I believe it's a fair trade-off;
- Added the all too familiar audio overlap. Whoever visited the original website will be able to tell the difference, and it does make a substantial one;
- Made all the clickable elements dynamic;
- Made version number show in the footer;
- Updated the stylesheets for better readability and removed questionable design choices;
- Added an option for feedback. Feedback is always welcome! Send your thoughts and suggestions my way: [email protected].
v1.3 2023/08
- Overhauled the animation - now it finally uses SVG. It's long overdue, it always felt like an injustice serving the animation as a 1080p@60fps 4-second video, which takes up 1.8MB. Honestly, feels like serving patch notes in a PNG format;
- Fixed the backend configuration to comply with modern standards of data serving;
- Fixed the character set and viewport meta tags;
- Fixed broken SVG for mobile viewport devices;
- Made the safe version (without pop-ups and whatnot) available at youareanidiot.cc/safe
- Dissolved the one and only you.jsinto modules. Should say, it's also long overdue, but I also had conflicting thoughts about keeping it true to the original for all those years;
- Made legacy link consistent with hurr-durr.cc;
- Published the previously private changelog.
v1.4 2023/09
- Fixed the animation - I feel terrible for using JS to animate the keyframes. Now I am using CSS for its actual purpose;
- Fixed the legacy version not working on Windows XP and older clients;
- Fixed the annoying JS confirmation alert before payload start;
- Removed obsolete code and employed better, cleaner solutions for the payload;
- Updated the website to support the default dark color scheme (just for funzies).
v1.5 2024/10
- Moved to the next-generation AVIF format — that increased the icon quality 8 times without any trade-off;
- Added a news alert functionality.
Contacts
Any questions, thoughts and suggestions are greatly appreciated. Mail me at [email protected] if you've got anything YouAreAnIdiot to ask or propose. For fan mails or anything concerning the creator, please use [email protected].
© Enderman,