Clients reporting alerts from FoxNews.com

[MarcFL 24]

Visiting Foxnews.com is generating this alert:

1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially  unwanted application.

 

[itman 1,497]

I can open foxnews.com home page w/o issue using Firefox. However, uBlock Origin blocked 45 objects on that page alone.

I suspect the Eset alerts are being generated as a result of one or more malicious/PUA ad based objects from that web site. Such was the case in this 2018 posting: https://forum.pattaya-addicts.com/topic/328094-having-problems-with-the-site/page/3/ where Eset was throwing the same detection for a web site. Appears to be related to hxxps://voluum.com. Further details here: https://www.quora.com/Is-voluum-com-a-scam .

Edited January 7 by itman

[MarcFL 24]

Thanks itman.  I reported this to Foxnnews.com and eset support.

[itman 1,497]

Based on the above linked Quora article, I would say Eset's PUA detection is appropriate:

Quote

In essence, voluum is used as as a cloaker. A cloaker is a tool that allows marketers to hide the true destination of a link.

It’s mostly used by marketers to deceive ad networks like Facebook and google, which don’t allow to advertise some content.

For example, you create an ad that advertise a free casino game. When Facebook employees or systems verify the ad they see a real free game. When the ad is approved and running, visitors reach a real online casino game.

There was an article published on bloomberg that explains how this was done.

You can also check on various cyber security services like VirusTotal and will find out that lots of the voluum servers are used to distribute viruses, phishing attempts, adwares, ransom wares and all kind of other web annoyances.

So the short answer to the question: no, it’s not a scam, but it seems to be the favorite platform used to run scams.

Edited January 7 by itman

[MarcFL 24]

I also sent foxnews a link to this forum.  It appears that one of their advertises is misbehaving.