Site preventing user from closing tab/closing browser
Update: this is no longer a concern on Firefox (29+) and Chrome (version? not sure if it was ever an issue there). Firefox will only display a single dialog now.
Firefox 31 additionally makes the dialog non-modal, and will also close the window if you press the close button a second time.
Unfortunately, IE11 still shows multiple dialogs. I'm not sure if Microsoft is aware of this issue.
The method is pretty simple, actually. If you inspect the source, you'll see a lot of repetition of this line:
<iframe test="test" srcdoc="<script> window.onbeforeunload=function(env){ return 'YОUR BRОWSЕR HAS BЕЕN LОCKЕD. АLL PC DАTА WILL BЕ DЕTАINЕD АND CRIMINАL PRОCЕDURЕS WILL BЕ INITIАTЕD АGАINST YОU IF THЕ FINЕ WILL NОT BЕ PАID.';} </script>" src="au/close.php"></iframe>
Basically, they have a whole bunch of iframes and each iframe can trigger the 'are you sure you want to leave' message once. It's not infinite by any means (as Braiam said, you can just hold down enter on the leave page), but it's probably enough to trick some people.
This is arguably behaving as intended - though it may be better to add one of those "don't show again" checkboxes, much like they do for alert popups.
Another way to prevent this kind of thing is to disable JavaScript on sites you don't trust. NoScript works well. This can, however, be somewhat annoying and/or break sites at times.
For the interested: Chrome actually displays one long dialog. That comes with its own problems - and this is a browser bug - the buttons get pushed out of the bottom of the page (happens with any too-long Chrome popup). You can still hit enter. The Chrome dialog seems to be initiated by a different alert popup, and it actually doesn't seem to display the iframe unload text at all - it's likely they added this specifically to trap Chrome users:
<script type="text/javascript">window.onbeforeunload = function(env){var str = '\n\nUw br' + 'оws' + 'еr is gе' + 'blо' + 'kkе' + 'еrd.\n\nAl' + 'le P' + 'C dа' + 'tа zu' + 'lle' + 'n wо' + 'rde' + 'n vа' + 'stgе' + 'hou' + 'den e' + 'n st' + 'rаf' + 'rес' + 'htе' + 'li' + 'jk' + 'е pr' + 'ocе' + 'dur' + 'es zu' + 'lle' + 'n wо' + 'rd' + 'en ing' + 'еlе' + 'id te' + 'ge' + 'n u al' + 's d' + 'e bo' + 'еt' + 'е ni' + 'et wo' + 'rd' + 't be' + 'taa' + 'ld.\n\n';
alert(str);
return str;
}
</script>
Again, it's nothing more than a scary popup that seems to be impossible to get rid of. Malicious? Yes. Actually dangerous? Not really. As long as you don't fall for the scam.
Also of potential interest is that they do display your public IP and approximate location. This is a fairly standard scare tactic on these scam sites and really isn't anything special - any site you connect to can get your public IP, and public GeoIP databases can usually provide the approximate location. If you're really worried, go get a VPN or anonymous proxy to connect through.