JSEcode blocked as malware

Front Page Forums Webmasters JSEcode blocked as malware

This topic contains 21 replies, has 2 voices, and was last updated by  Dave 8 months, 1 week ago.

Viewing 15 posts - 1 through 15 (of 22 total)
  • Author
    Posts
  • #1499 Reply

    Dragos

    Hi,

    I just got a report from one of my users, that JSEcoin code is treated as malware.screenshot

    Please advise.

    Thanks,
    Dragos

    #1504 Reply

    James

    Hi Dragos,

    Do you know which anti-virus software he is using? A few of the anti-virus companies are treating all browser based cryptocurrency mining platforms as malware. It’s a pain because there are one or two companies that are causing a problem by doing things in the background without notifying users and we are getting thrown in under the same umbrella.

    We’ve complained and kicked up a fuss with them and have got the all clear on most.

    VirusTotal is reporting the domain as clean across all blacklists:
    https://www.virustotal.com/#/url/621fcbc9be715d9dbc27f4343a9eac02036ac3436159584015a537dea0858c21/detection

    If I can find out what anti-virus software it is that is causing the alert we will contact them directly.

    Thanks and sorry about this issue.

    James

    #1519 Reply

    Dragos

    It’s Bitdefender, AFAIK. Thanks for clarifying this!

    Best
    Dragos Roua

    #1520 Reply

    James

    Just following up. We’ve raised a ticket here and are waiting to hear back: https://www.bitdefender.co.uk/consumer/support/

    #4601 Reply

    JSE Admin
    Keymaster

    Received a response and have followed up here:

    Hi Sergiu,

    So is your policy to block all web based crypto-mining software? Our platform is nothing like the hidden background miners and I feel like we’ve been bundled into the same basket with them.

    If you get a chance to take a look at the platform https://platform.jsecoin.com perhaps you’ll agree it should be treated differently and not flagged as a threat or malware.

    Kind regards,

    James
    JSEcoin

    On 15/11/2017 06:35, Bitdefender Support Center wrote:
    >
    > Hello James,
    >
    > Thank you for your patience.
    >
    > The domain itself is not detected because the website is clean. However, the specific link in the blog post (https://server.jsecoin.com/load/) contains a CoinMiner that is properly detected as Application.CoinMiner.M.
    >
    > Let us know if we can be of further assistance.
    >
    > Have a nice day ahead!
    >
    > Best regards,
    > Sergiu Colgiu
    > Technical Support Engineer
    > semnatura.jpg
    > http://www.bitdefender.com/support
    > http://forum.bitdefender.com
    >

    #4838 Reply

    Nick

    The main problem with loading JSE Coin code onto our sites is that it is getting blocked by anti-virus companies like mentioned above. I have MalwareBytes installed on my computer, everytime I load a page MalwareBytes shows a block for the JSE Coin Miner. Most large web portals are not going to want to sacrifice user experience for installing your code if it makes people think there are infections on the sites and every page as they traverse a community portal.

    This project is promising which is why I am chiming in. I believe you need to spend more time with the Anti-Virus companies and make sure you are talking to the right people. A level 1 responder is going to reply to you with generic responses. You need to work your way up the chain of command to people who can actually make a difference and seperate JSE Coin from the rest and not block it. This may be a level 3 or level 4 employee or maybe even higher. Call them, continue to ask for supervisors, upper level management, etc. Ask them exactly what you need to do be removed from their list and by all means comply and prove that this is a White Hat operation.

    #4841 Reply

    Nick

    Maybe consider rather than having the toolbar disappear completely have it minimize down to the size of one of those Google AdSense icons and give people browsing the site some settings when they hover over your logo or a coin icon. Let them increase or decrease the throttle of the mining. This will allow them to turn it up if they like the site, or down (or off) if they do not want their resources being tapped. This will take you one step closer to getting an exclusion from the executives at MalwareBytes and BitDefender.

    #4847 Reply

    JSE Admin
    Keymaster

    Hi Nick, this is great advice. I really like the idea of reducing the notice to a small icon after a set period. My only concern would be that it might get in the way of some webmasters sites, especially on mobile where there’s not a lot of space. We have a thread about the privacy notice, I hope you don’t mind if I copy and paste your suggestion into and ask for webmaster feedback.

    Regarding the anti-virus companies this is an ongoing battle. The technology is very polarizing and it seems people either love it or hate it. Most anti-virus and ad blocking companies approach it with a negative preconception. I just came off the phone with one representive of a company where the conversation started off as “does your site contain links to malware” and ended up with him setting up an account and asking advice on altcoin investments. I really believe if we can get people to take the time to test the platform then we have a good chance of getting white listed.

    On a side note we have developed some software which we will be releasing publicly which checks a big list of adblockers/av companies for listings automatically.

    #5074 Reply

    Carsten

    Heimdal security is also blocking your site.

    Hello Carsten,

    Thank you for your message.

    This website is blocked because in the last period of time it has been detected as malicious and for distributing all kinds of Trojans.

    Please see more here, scroll down and you will see all the information: https://www.virustotal.com/#/domain/jsecoin.com
    Kind Regards,

    Bogdan Dolohan
    Heimdal Security A/S & Heimdal Security SRL
    http://www.heimdalsecurity.com/

    #5082 Reply

    James

    Hi Carsten, thanks for letting us know. It looks like this is related to Kaspersky and Malware Bytes which are the two virus total sites that have flagged our domain name. Kaspersky we have spoken to today and I’m confident we are getting some with. Malware Bytes are a little bit harder to deal with and don’t seem very open to discussing the differences between our platform and hidden background miners.

    We will keep trying to achieve whitelisted status with both companies, whatever that takes.

    #5083 Reply

    James

    Just for the record we obviously aren’t distributing any kinds of trojans. The site is getting flagged because its web based cryptocurrency mining and we have been thrown in the same basket as the hidden background miners. There never has been any incidents of actual malware on the jsecoin.com domain

    #5094 Reply

    JSE Admin
    Keymaster

    FYI:

    ————————————————–
    Could you take a look at our platform at https://jsecoin.com

    It is quite different to the hidden background js-miners and I feel we are being unfairly bundled into the same basket.

    We have never and will never take part in hidden background mining.

    Users are complaining because the software is warning of trojans and malware on the platform and this clearly isn’t true.

    Kind regards,

    James

    > Hello,
    >
    > The URL is on blacklist because it contains js-miners.
    >
    > Sincerely yours,
    > [name removed], Malware Analyst, Kaspersky Lab
    >
    > 39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com

    #5307 Reply

    Rynem

    I’m being flagged by Kaspersky. Just adding that here for you.
    Also, a little advice. If you take a look at the reviews on your WordPress plugin, you will see a review from a “security company”. Now wether they are a legitimate security company or not is another matter but their advice actually makes sense to stand out from the rest.
    Rather than having a “opt out” option on the banner, have the banner open and offer the user the option to “opt in” instead.
    Now this obviously would be detrimental to the platform so I’m putting my own spin on that advice too.
    Why not have a banner open up saying “This website is being monetized by crypto mining – to opt out, click here. Unobtrusive mining will commence in 10 seconds”
    That way, you are giving users a warning that mining is going to take place BEFORE the mining actually takes place.
    If they don’t notice the banner, it starts anyway. If they do notice the banner, they can either opt in or out.
    If they manually opt in, it should mine at 100% it’s current ability. If it is an automated opt in from no response, it should mine at 50% capacity.
    This means those people who “like” the site, help more than those who are just viewing.
    I hope all that makes sense…!

    #5308 Reply

    James

    Hey Rynem,

    That makes sense. We do actually have the mining delayed until after the privacy notice is displayed on publishers sites. I think an opt-in option to boost the rate would be difficult to do without incentivizing the user someway and that is very difficult to do because 99.99% of visitors don’t have an account.

    RE: Kaspersky, this is the current email conversation with them, they are a difficult company to work with.

    Hello,

    1) Yes the mining process starts after the 15 second privacy notification has ended. So the user has enough time to opt-out. If you feel we need to increase this time period we could. The system is opt-out because it wouldn’t work as an opt-in model for all the same reasons digital advertising doesn’t work as opt-in. Our mining process isn’t resource intensive and consumes less resources in testing than an auto-loading video advertisement. I feel that we aren’t doing anything worse than the big companies that are running digital ads. From a user experience perspective less resources are consumed and our system is less intrusive than advertising.

    2) We could potentially increase the time the privacy notification displays or display it for a set amount of time and then shrink it down to a tiny icon in the bottom of the screen so users can always reach the opt-out link from the icon. This was something we discussed with webmasters in this thread and I think will be pushed out in the next update: https://jsecoin.com/forums/topic/privacy-notification/page/2/#post-4851

    Would this help us reach compliance? If so we can bring this forward as a priority and get it rolled out in the next week.

    3) The wording of the notification is also discussed earlier in that thread. We can not put too much text in there because it needs to display on all devices including older mobile devices which don’t have much room but if you would prefer we could potentially add a smaller line underneath the main notification for desktop devices with something like “Mathematical mining process will start consuming a small amount of resources starting in x seconds”

    The opt-in model we have a system in place where users can register at https://platform.jsecoin.com and do what we call self-mining. As previously discussed I don’t see how it would be possible to run the publisher mining effectively as an opt-in model. I think trying to make the opt-out system work for publishers in a way that is transparent and ethical is better than having no system at at all. However I am biased because our business model is dependant on us getting this right.

    Thank you for taking the time to look at our platform. I hope this answers your queries and goes some way to showing our commitment to working with your compliance team.

    Kind regards,

    James Bachini

    On 26/12/2017 18:50, [email removed] wrote:
    > Hello,
    >
    > we agree that any type of opt-out is better than completely hidden mining.
    > But still, do you confirm that in jsecoin:
    > 1) Mining process on publisher sites is started just after page load and without visitors consent
    > 2) Visitor has about 15 seconds or so to notice banner and take action. If he doesn’t, banner dissapears and mining continues unnoticeably
    > 3) Displayed privacy notice does state that Website is monetized with cryptocurrency mining, but it doesn’t mention that visitor’s hardware is utilized for this monetization right now?
    >
    > Have you considered opt-in model, rather than opt-out?
    >
    > Best Regards, NewVirus
    >
    > 39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
    >
    > ——————————————————————————–
    > From: [email removed]
    > Sent: 22.12.2017 19:15:00
    > To: [email removed]
    > Subject: [Malicious link] Re: [Malicious link] RE: [Malicious link] Re: [Malicious link] RE: [Malicious link]Anti-virus Lab replies to your request [VD3][URL:3][LN:EN] [KLAN-7384385269] [KLAN-7390565559]
    >
    > Hello,
    >
    > load.jsecoin.com contains only our own miner script and it displays a
    > privacy notice with network wide opt-out link. See screenshot attached.
    >
    > It is less CPU intensive than a video advertisement. We are operating
    > fully transparently with our publishers and their visitors.
    >
    > We do not offer an option for publishers to hide the privacy notice and
    > also have checks in place to make sure publishers aren’t running the
    > code in an iframe to hide the notice.
    >
    > I know cryptocurrency mining has a bad reputation but we believe that
    > our system offers a real alternative for intrusive advertising with less
    > disturbance to the end user. We are doing everything we can to operate
    > in an ethical and transparent manner.
    >
    > If you feel that our platform is still non-compliant with your standards
    > please advise on how we can make this work to meet with your approval?
    >
    > Kind regards,
    >
    > James

    • This reply was modified 8 months, 2 weeks ago by  JSE Admin.
    #5309 Reply

    Rynem

    It sounds to me like you are answering all of their requirements with options. But they are indeed a difficult company!

    In regards to incentive for increased capacity, would it be possible to create an add on for publishers?
    What I mean by this is:
    My current website, since my business runs on a “Freemium” model, we have a button at the bottom which allows donations if a customer wishes to support us.
    However, if i could implement an add-on which reads something like
    “Help support our site by allowing us to utilise a tiny amount of your computer’s unused processing power whilst you keep our monetisation tab open – Click here”
    Or something that doesn’t sound complicated etc.
    When it’s clicked, it could open a separate window which starts the miner on a more intensive Hashrate than the standard miner does.

    Just an idea. I’m thinking this out whilst typing it.

Viewing 15 posts - 1 through 15 (of 22 total)
Reply To: JSEcode blocked as malware
Your information: