Jump to content

Recommended Posts

Posted

Visiting Foxnews.com is generating this alert:

1/6/2023 21:15:54 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2F&settings=true&recs=true&widgetJSId=AR_31&key=NANOWDGT01&version=201033&apv=false&sig=oi4385zg&format=html&rand=54536&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|0|1&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&srcUrl=https%3A%2F%2Fmoxie.foxnews.com%2Fgoogle-publisher%2Flatest.xml&scrW=2064&scrH=864&t=NjViYTAyNzNjNDE5YzUxMTljMWYwOGVmZjRjNDVhNmY=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=0&lastIdx=0&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=1373&darkMode=false&activeTab=true&ogn=https%3A%2F%2Fwww.foxnews.com%2F&chs=1 contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:17:41 PM - Module JavaScript scanner - Threat Alert triggered on computer RAY-WKSTATION-HP:  %DETECTEDOBJECT% contains JS/Voluum.A potentially unwanted application.

1/6/2023 21:19:23 PM - Module %SCANNER% - Threat Alert triggered on computer RAY-WKSTATION-HP:  https://mv.outbrain.com/Multivac/api/get?url=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&settings=true&recs=true&widgetJSId=AR_32&key=NANOWDGT01&version=201033&apv=false&sig=whm1sfWm&format=html&rand=49678&lsd=4e2584f1-d83c-469e-be31-b028605d0e0f&lsdt=1656816974887&osLang=en-US&seid=3b22f297-34a8-482a-0000-01858a034d6a|207677|3&va=true&et=true&cmpStat=0&ccpa=1---&ccpaStat=1&scrW=2064&scrH=864&t=NTljZjI3NThmYjQ1OTI1YTg4M2U0NjAyMWE1OWU5ZmM=&winW=1405&winH=664&adblck=false&abwl=false&secured=true&feedIdx=1&lastIdx=10&lastCardIdx=0&fAB=12203-42692&layeredTestInfo=12203-42692-,12224-86319-&dpr=1.6666666666666667&cw=404&darkMode=false&activeTab=false&ref=https%3A%2F%2Fwww.foxnews.com%2F&ogn=https%3A%2F%2Fwww.foxnews.com%2Fpolitics%2Fdesantis-activates-national-guard-amid-migrant-surge-florida-keys&chs=1 contains JS/Voluum.A potentially  unwanted application.

 

Posted (edited)

I can open foxnews.com home page w/o issue using Firefox. However, uBlock Origin blocked 45 objects on that page alone.

I suspect the Eset alerts are being generated as a result of one or more malicious/PUA ad based objects from that web site. Such was the case in this 2018 posting: https://forum.pattaya-addicts.com/topic/328094-having-problems-with-the-site/page/3/ where Eset was throwing the same detection for a web site. Appears to be related to hxxps://voluum.com. Further details here: https://www.quora.com/Is-voluum-com-a-scam .

Edited by itman
Posted

Thanks itman.  I reported this to Foxnnews.com and eset support.

Posted (edited)

Based on the above linked Quora article, I would say Eset's PUA detection is appropriate:

Quote

In essence, voluum is used as as a cloaker. A cloaker is a tool that allows marketers to hide the true destination of a link.

It’s mostly used by marketers to deceive ad networks like Facebook and google, which don’t allow to advertise some content.

For example, you create an ad that advertise a free casino game. When Facebook employees or systems verify the ad they see a real free game. When the ad is approved and running, visitors reach a real online casino game.

There was an article published on bloomberg that explains how this was done.

You can also check on various cyber security services like VirusTotal and will find out that lots of the voluum servers are used to distribute viruses, phishing attempts, adwares, ransom wares and all kind of other web annoyances.

So the short answer to the question: no, it’s not a scam, but it seems to be the favorite platform used to run scams.

Edited by itman
Posted

I also sent foxnews a link to this forum.  It appears that one of their advertises is misbehaving.

  • 1 month later...
Posted

Is this something new with ESET? I am getting numerous workstations now reporting this as cause "JS/Voluum.A". Its not just foxnews, its people.com, howtogeek.com, cnn.com and others.

Posted (edited)
58 minutes ago, PMIadmin said:

numerous workstations now reporting this as cause "JS/Voluum.A". Its not just foxnews, its people.com, howtogeek.com, cnn.com

No problem connecting to any of those web sites using Firefox. However, I am using uBlock Origin as my browser ad blocker.

My suspicion is Eset is detecting a malicious ad on these web sites.

-EDIT- Confirmed. A bit of info on voluum.com here: https://www.quora.com/Is-voluum-com-a-scam

Edited by itman
  • Administrators
Posted

Did you get to the sites by clicking an ad somewhere? Asking since firefoxnews.com was not opened directly but via mv.outbrain.com.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...