MarcFL 26 Posted January 7, 2023 Share Posted January 7, 2023 Visiting Foxnews.com is generating this alert: 1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application. 1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP: %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application. 1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP: https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially unwanted application. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 7, 2023 Share Posted January 7, 2023 (edited) I can open foxnews.com home page w/o issue using Firefox. However, uBlock Origin blocked 45 objects on that page alone. I suspect the Eset alerts are being generated as a result of one or more malicious/PUA ad based objects from that web site. Such was the case in this 2018 posting: https://forum.pattaya-addicts.com/topic/328094-having-problems-with-the-site/page/3/ where Eset was throwing the same detection for a web site. Appears to be related to hxxps://voluum.com. Further details here: https://www.quora.com/Is-voluum-com-a-scam . Edited January 7, 2023 by itman Link to comment Share on other sites More sharing options...
MarcFL 26 Posted January 7, 2023 Author Share Posted January 7, 2023 Thanks itman. I reported this to Foxnnews.com and eset support. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 7, 2023 Share Posted January 7, 2023 (edited) Based on the above linked Quora article, I would say Eset's PUA detection is appropriate: Quote In essence, voluum is used as as a cloaker. A cloaker is a tool that allows marketers to hide the true destination of a link. It’s mostly used by marketers to deceive ad networks like Facebook and google, which don’t allow to advertise some content. For example, you create an ad that advertise a free casino game. When Facebook employees or systems verify the ad they see a real free game. When the ad is approved and running, visitors reach a real online casino game. There was an article published on bloomberg that explains how this was done. You can also check on various cyber security services like VirusTotal and will find out that lots of the voluum servers are used to distribute viruses, phishing attempts, adwares, ransom wares and all kind of other web annoyances. So the short answer to the question: no, it’s not a scam, but it seems to be the favorite platform used to run scams. Edited January 7, 2023 by itman Link to comment Share on other sites More sharing options...
MarcFL 26 Posted January 7, 2023 Author Share Posted January 7, 2023 I also sent foxnews a link to this forum. It appears that one of their advertises is misbehaving. Link to comment Share on other sites More sharing options...
PMIadmin 0 Posted February 16, 2023 Share Posted February 16, 2023 Is this something new with ESET? I am getting numerous workstations now reporting this as cause "JS/Voluum.A". Its not just foxnews, its people.com, howtogeek.com, cnn.com and others. Link to comment Share on other sites More sharing options...
itman 1,659 Posted February 16, 2023 Share Posted February 16, 2023 (edited) 58 minutes ago, PMIadmin said: numerous workstations now reporting this as cause "JS/Voluum.A". Its not just foxnews, its people.com, howtogeek.com, cnn.com No problem connecting to any of those web sites using Firefox. However, I am using uBlock Origin as my browser ad blocker. My suspicion is Eset is detecting a malicious ad on these web sites. -EDIT- Confirmed. A bit of info on voluum.com here: https://www.quora.com/Is-voluum-com-a-scam Edited February 16, 2023 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted February 17, 2023 Administrators Share Posted February 17, 2023 Did you get to the sites by clicking an ad somewhere? Asking since firefoxnews.com was not opened directly but via mv.outbrain.com. Link to comment Share on other sites More sharing options...
Recommended Posts