Various AV will return it as clean, but we see no best policies followed here
The subject of this thread was “Ebay Login - False Positive???” So is Avast posting a False Positive?
As an additional protection from JavaScript redirect type malware do you recommend using a browser extension in Firefox like NoScript? If this malware, JS:Redirector-BMU [Trj], were real, would an extension like NoScript stop it? The reason I ask is that today with NoScript active, Avast does not flag a threat warning when I get to the Ebay login page. If I turn NoScript off, Avast flags the threat “We’ve safely aborted connection to www.ebay.com because it was infected with JS:Redirector-BMU [Trj].”
Also consider these scan results: https://webcookies.org/cookies/www.ebay.com/20254066
a -12 security score… also consider: https://webcookies.org/ssl/report/www.ebay.com/15798
Error here: hint #1: ‘content-type’ header media type value should be ‘text/javascript’, not ‘application/javascript’;
Static resources should have a long cache value (31536000) and use the immutable directive: public, max-age=0;
Response should be compressed with Brotli when Brotli compression is requested over HTTPS
polonus - my apologies. I did not notice that at the bottom of each of your posts you say "Use NoScript, a limited user account and a virtual machine and be safe(r)!" Thanks for this advice.
You’re welcome. Yep, NoScript and also uMatrix for that matter are solutions that will always work both for present and even for future (3rd party) script threats. Giorgio Maone presented a wonderful tool for us all to keep us much more secure inside the browser. We all know that JavaScript can be the royal way into your device’s OS for malware, adware, bloatware and potentially unwanted code.
Only if users were more aware of the benefits like we are, it would be much more secure under everyone’s browser-hood.
Have a nice day and again thanks for reporting here, stay safe and secure both offline and online,
I don’t know why that would be the case. Given eBay is a very high traffic site, that NoScript would want to block.
That said, we would need more details, screenshot or the wording to see why.
I no longer use NoScript (uBlock Origin) so I can’t check. However, you should be able to change NoScript to allow it. But I wouldn’t do that until we find why it is blocked.
I do not use NoScript nor uMatrix in a browser, that I came to appreciate some time ago for its effectiveness and that is Avast Secure Browser. Whenever for out of the ordinary requests and scanning I browse browsers like Iridium, Beaker or Brave.
NoScript and uMatrix also always have been a bit outside the scope of the common browser user, who does not know how and why to toggle such extensions to be secure under all circumstances. I mean to know what main and third-party scripts to block and not allow or not to block and to allow.
@ polonus
Off Topic:
Since I can’t use Avast Secure Browser on all systems, I won’t be installing it on any. Plus I’m still not a fan of Chrome or chromium based browsers.
Back On Topic:
I certainly wouldn’t say NoScript is particularly complex.
I never mentioned uMatrix which is more complex, like the RequestPolicy add-on that I also used in the past.
Agree with you that not having Avast Secure Browser brought to Google-Android for instance is unfortunate, as Brave browser has been brought there, and I use it a lot on mobiles. Even so as Avast Secure Browser is a chromium based browser of sorts.
uMatrix is not particularly complex either, just allow minimal settings to let the page function properly and know what sites to shun.
This is certainly not a false positive, the detection was triggering a redirection script.
However, as this is on ebay, I will let it pass and disable the detection, but if anyone from ebay is reading this, beware that I am strongly against this behavior!
Hmm… As upset as I was about this, if this is the case
We users would want Avast to stand the ground
We also would “strongly object to this behavior”
I hope they lost a lot of money with this.
To support this above vision, I recently scanned at Zulu Zscaler’s, which results agree delivering a VirusTotal Content Check,
that produces a Positives count of 3 with a risk score of 30; all this for the code at
-hXtps://www.ebay.com/rdr/js/s/rrbundle.flat.min.js.
However the above risk grade does not lead to a VT flag by any of the known av-solutions.
A risk score of 30 denotes that application/javascript; charset=UTF-8 here is questionable to say the least,