You are an Idiot! (dot cc)
The official HTML5 port of the legendary infamous YouAreAnIdiot JS Trojan. As the de-facto owner of "You are an Idiot" for more than 3 years, I decided to assemble a little write-up. I will update it with latest news and developments, as we progress. Last updated: 13th of September, 2023 (2023/09/13)
What happened to youareanidiot.org?
Ever since 2019, there has been a smoke of uncertainty around the youdontknowwhoiam.org successor, youareanidiot.org. Somewhere in the beginning of that year, the website just stopped working out of the blue, and if I recall correctly, it never came back.
It wasn't the lack of interest that ended the youareanidiot.org website. In fact, the domain is still likely owned in tandem by ADR/Jazzy - the most recent domain payment invoice is dated 12th of July, 2023 (2023/07/12), that's considering it's an .ORG TLD and you can freely add multiple years to it in one batch (there are certain complications with .CH / .LI / .FR and a few other TLDs where you have to renew them annually in a 16-day grace period, 2 weeks prior to expiration).
That implies they're still active and pay for the domain, albeit once per year. Seemingly, they parked the domain and forgot to point it back to the host with the safe version deployed. In fact, you can probably mail them at [email protected], if they do accept and check mails. The SPF record does seem to be misconfigured though. I doubt that's a parking stub, though it might be.
Modern browser policies would have killed the malicious bit in the original website anyway, so modern solutions were necessary to keep the legacy of this website afloat. I believe I've been at least somewhat successful in restoring that archaic piece.
I'm considering another possibility of the original website shutdown, and I believe it deserves a separate paragraph. Maintaining difficulties.
Here's the current VirusTotal rating for the host of youareanidiot.cc, as well as the rating for the domain name. As you can see, youareanidiot.cc has a horrible reputation on VirusTotal due to the contributors reporting it left and right. As a result, back in February, 2023 I had to settle a bunch of real abuse reports, while temporarily shutting down the mirror to avoid legal consequences.
ADR and Jazzy's youareanidiot.org, unfortunately, met the same fate, and despite being a safe mirror, it got TENFOLD the amount of negative reviews. The domain is also rated overwhelmingly negatively.
A quite possible reason for the sunset of youareanidiot.org could be constant negative VT (VirusTotal) reports, which resulted in a real investigation from the host (some hosts do care about their server reputation), which was then followed by termination of the original maintainers' accounts. All because of our web justice warriors called "Antivirus Trust Contributors". Everybody must be very thankful for such a (dis)service.
As for youareanidiot.cc, I haven't had to deal with any abuse reports ever since I explained everything in detail to my hoster and registrar. I also have a large community and a following that helped me clean the reputation of my host, which ADR and Jazzy didn't have; instead, they only had enemies for hosting a SAFE mirror.
As for VirusTotal, once my lovely malware-preserving community kicked in to save the day, there have been absolutely baffling comments on VirusTotal, for example:
"Also known as Trojan.JS.Offiz."
That's uncalled for. What am I supposed to do if I'm getting spammed actual abuse and legal reports due to your unhealthy VirusTotal reporting obsession? Do you wholeheartedly believe reporting the domain/host on VirusTotal is not going to yield any real world consequences?
"Creator instructed their fan base to spam vote it as safe…"
Now sir, you might be reporting the project on purpose, but what are you fighting against? Internet history? There's phishing all across the Internet and there are even more direct undetected trojans plaguing our web, a beautiful place. Are you seriously going to sell your dignity for hate and/or VirusTotal good boy points?
I had been planning to remake the original website for quite a bit, after 6 consecutive months of downtime I've seen on youareanidiot.org in 2019. The domain was first acquired on 29th of May, 2020 (2020/05/29). Henceforth, there have been some groundbreaking changes.
- Tweaked the malicious you.js script to comply with modern browser standards;
- Might have made the pop-ups way too obnoxious in attempts to replicate original behavior... 🙁 onmouseout has extremely high entropy and the malicious script is probably far worse than it has ever been. Still kept it;
- Flash Player is steadily going away, just a few months before its EOL - replaced the SWF animation with a 1080p video.
- Light malicious script tweaks & modifications to comply with new, stricter browser policies;
- Upgraded the pop-up algorithm to be far more consistent and predictable. onmouseout was horrendous in hindsight, replaced with onkeydown, and a few other event listeners. The website isn't as malicious anymore, but much more controllable - I believe it's a fair trade-off;
- Added the all too familiar audio overlap. Whoever visited the original website will be able to tell the difference, and it does make a substantial one;
- Made all the clickable elements dynamic;
- Made version number show in the footer;
- Updated the stylesheets for better readability and removed questionable design choices;
- Added an option for feedback. Feedback is always welcome! Send your thoughts and suggestions my way: [email protected].
- Overhauled the animation - now it finally uses SVG. It's long overdue, it always felt like an injustice serving the animation as a 1080p@60fps 4-second video, which takes up 1.8MB. Honestly, feels like serving patch notes in a PNG format;
- Fixed the backend configuration to comply with modern standards of data serving;
- Fixed the character set and viewport meta tags;
- Fixed broken SVG for mobile viewport devices;
- Made the safe version (without pop-ups and whatnot) available at youareanidiot.cc/safe
- Dissolved the one and only you.js into modules. Should say, it's also long overdue, but I also had conflicting thoughts about keeping it true to the original for all those years;
- Made legacy link consistent with hurr-durr.cc;
- Published the previously private changelog.
- Fixed the animation - I feel terrible for using JS to animate the keyframes. Now I am using CSS for its actual purpose;
- Fixed the legacy version not working on Windows XP and older clients;
- Fixed the annoying JS confirmation alert before payload start;
- Removed obsolete code and employed better, cleaner solutions for the payload;
- Updated the website to support the default dark color scheme (just for funzies).
Any questions, thoughts and suggestions are greatly appreciated. Mail me at [email protected] if you've got anything YouAreAnIdiot to ask or propose. For fan mails or anything concerning the creator, please use [email protected].
© Enderman, 2023