False positive?

knicks_fan · September 25, 2013

While surfing WTOP.com, a legitimate website for an all news station located in Washington, DC, ESET is

complainng about a blocked address from time to time when the page reloads. The log records are all the

same, a sample follows:

9/25/2013 6:33:01 AM hxxp://delivery.globalcdnnode.com/7f01baa99716452bda5bba0572c58be9/afr-zone.php Blocked by internal blacklist C:\Program Files\Internet Explorer\iexplore.exe <company>\<userid>

I have had no luck contacting the webmasters of WTOP.com. Can someone at ESET doublecheck and see

what is so offensive at the website listed in the log record above?

Arakasi · September 25, 2013

knicks , it seems the host of the domain is the trigger, not the website itself.

The host was subjected to threat Mal/HTMLGen-A at some point or another, which is possibly a short term for malicious html coding virus/trojan.

One company mentions Phishing.

Marcos · September 25, 2013

It's blocked because of a Java exploit present on the domain.

knicks_fan · September 26, 2013

Thanks. I switched to Firefox to visit the news website and have not gotten any alerts. I have e-mailed WTOP's

webmasters again to look into this. Probably won't hear from them.

Recommended Posts