morezen 0 Posted January 23, 2017 Share Posted January 23, 2017 Hi there Out of the blue on 23rd January 2017, ESET Smart Security 10.0.369.0 has started blocking Facebook Javascript from a major Australian website. ESET virus signature database = 14813 This is a major news website, which I visit multiple times every day for over 10 years and then suddenly one element is being blocked. Everytime I go to a different page on the same site, ESET pop-up is reporting Address has been blocked. Website in question is:hxxp://www.abc.net.au/news/ ESET logs report this: Time;URL;Status;Application;User;IP address;Threat 23/01/2017 5:40:29 PM;https://connect.facebook.net/en_US/fbevents.js;Blocked by internal blacklist;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe;ZEN\ArcAn;31.13.95.12; Is this a false positive or a new threat that website in question needs to fix ? Regards Derek Link to comment Share on other sites More sharing options...
mr_stealth 1 Posted January 23, 2017 Share Posted January 23, 2017 I just started seeing this on quite a few pages, many being rather big sites like GreenManGaming.com, HumbleBundle.com, and Asus.com. It seems to be happening on a lot of sites with Facebook follow/like links on them. The Eset alerts actually stopped when I enabled the "Anti-Thirdparty social" filter list in uBlock Origin adblocker, which also points to the social links on these sites being the source of the detected malware. Looking up a couple of the IP addresses listed in the Eset log shows that they are indeed owned by Facebook. If anything is compromised, it seems that it's likely Facebook itself. I'd definitely like to know if that's the case, or if it's just a false positive. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,130 Posted January 23, 2017 ESET Moderators Share Posted January 23, 2017 Hello, there was indeed a FP, which has been already removed from the blacklist. Installations with LiveGrid enabled should be able to access those sites already. WE are sorry for the inconvenience. Regards, P.R. Link to comment Share on other sites More sharing options...
mr_stealth 1 Posted January 23, 2017 Share Posted January 23, 2017 Thanks for the info, and nice job on the quick fix. Good to know it's just a FP. I've already stopped seeing the alerts for the pages that were showing it. Link to comment Share on other sites More sharing options...
morezen 0 Posted January 23, 2017 Author Share Posted January 23, 2017 Thanks for the quick response Peter Link to comment Share on other sites More sharing options...
Recommended Posts