Symantec Issues
February 13th, 2006 by Kelson. Posted in Spam and tagged for phishing, security, Spam, symantecLast week I received a message offering a 30% discount on Norton Internet Security 2006. It claimed to be from Symantec, but the email address was at digitalriver.com, and all the links—including the ones that claimed to be at symantec.com—went to bluehornet.com.
Now 5 minutes of research turns up the facts that Symantec does work with Digital River and Digital River owns Blue Hornet. And it did go to the address I used to register Norton Antivirus last year. So it’s probably a legit offer.
But let’s think about this for a minute.
Assuming it’s legit, Symantec—a company that deals in internet security—is deliberately sending out offers via third-party domains, email and web servers. Depending on how security-conscious you are, they are either making their messages look suspicious or training users to ignore warning signs.
Or have you never seen spam offering enormous discounts on Norton products? Which generally turn out to be pirated. And I seem to recall—though I can’t find an article to back it up—that the bootleg copies are often infected themselves, or crippled in some way.
Given how many shady operators are out there, taking advantage of the big guys’ name recognition, you’d think the big guys would at least make some effort to make their own offerings look less, well, shady.
17 Responses to “Symantec Issues”
By Duncan Hill on Feb 14, 2006
I had an interesting mail claiming to be from Halifax Plc, sent from the domain halifax-mail.co.uk. Checking that domain showed no fingerprint that linked it to Halifax, the www was blank, and chasing the domain owners etc upstream led to a marketing company.
You’d think a bank would know better by now too! I have a letter drafted that I need to drop in the post to them, chastising them
By Ben Tisdall on May 25, 2006
Couldn’t agree more about these Symantec mails, despite the fact that they do, after some digging, appear to be genuine.
SA gets them every time here:
Content analysis details: (5.3 points, 2.9 required)
pts rule name description
—- ———————- ————————————————–
0.0 SUB_FREE_OFFER Subject starts with “Free”
0.2 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.5 OPTING_OUT BODY: Talks about opting out (lowercase version)
0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
0.2 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 SARE_UNI RAW: SARE_UNI
2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.2 DIGEST_MULTIPLE Message hits more than one network digest check
By filosof on Jul 26, 2006
I’ve got an email from with the following concern:
“Keep your computer safe from Infected Fake Emails from Online Retailers
Threat Level: Category 3 - Moderate
Outbreak Type: Trojan Horse”
The email looked very authentic but:
All the links like liveupdate, existing customers etc. went to “http-dr.bluehornet-com.ct/………type=1″
Looking at “http-dr.bluehornet-com” I found a login-site, which hides the login-domain. It is clear for me,that its not the same site as www-bluehornet-com and that it is a fake itself probably with malware in the linksites. I will send it forinformation to symantec and delete it.
By Kelson on Jul 26, 2006
Great. So phishers are already taking advantage of Symantec’s less-than-responsible email practices.
By Shem on Aug 23, 2006
I received an email regarding a “$40 off Norton Internet Security 2006″ and questioned it’s Symantec authenticity since the email was from Symantec@reply.digitalriver.com and the link to download/purchase the product routed back to a http://dr.bluehornet.com/ link. I contacted Symantec and they confirmed that they are associated with Digital River and that the “dr” in the link stands for Digital River and that the offer should be legit. Side note, after further researching, it seems that Digtial River is associated with Blue Hornet. I guess all this marketing is like sex; everyone is linked up with someone else. And all I want is some peace-of-mind, cost-effective virus protection.
By lucy on Sep 16, 2006
off topic-anyone ever actually get a rebate?.am waiting for three
By Smokeyboy on Sep 16, 2006
Yup, got the dr.bluehornet.com message. Took me a lot of time to get that message forwarded to symantec; it’s like they don’t want to know - if there are more security risks out there, there is more reason to buy their product. Leads one to wonder, who is really starting these viruses and worms. Who has a vested interest in selling something that fixes these problems. Nah, that couldn’t be true. Have I been Oliver Stoned?
By Chris on Oct 13, 2006
I also just received the dr.bluehornet.com message but it was for CA’s ePest Patrol. The message is below. Note that the word download is a link to http://dr.bluehornet.com/ct/ct.php?t=266092&c=478296554&m=m&type=1&h=7CB8431DDCD6CC294734CE64DC77F24D
I sent an email to CA to inquire about its authenticity.
Dear Chris,
CA Anti-Spyware 2007 (formerly eTrust® PestPatrol® Anti-Spyware) is the latest release of CA’s award-winning, industrial-strength anti-spyware software. A benefit of your annual subscription is FREE product upgrades as they become available, providing you with the latest features at no charge.
Download the new version today and start taking advantage of new features like:
* An improved user interface that assists you in quickly and easily setting preferences, checking program status, and maintaining a protected PC
* Improved real-time protection that guards you against an even wider range of spyware threats
* A Secure Now feature that provides proactive protection by monitoring critical program functions and settings, and reminding you to keep your security optimized
* The Threat Outbreak Warning System giving you detailed, up-to-the-minute information on the most recent and most prevalent spyware threats
To upgrade now, download CA Anti-Spyware 2007.
Need help installing? Visit our online upgrade page for instructions on how to install this new version.
Thank you for choosing CA.
Best Regards,
The CA Consumer Team
By Peter Jakob Hafner on Feb 16, 2007
Reply to: Monday, February 13th, 2006 at 9:23 AM by Kelson.
… all techniques to force people to lower security to third party cookies and to open the door for spying and entering in to your world. Ethical ?
Peter
By Kelson on Feb 17, 2007
Hmm… if you don’t follow safe practices online, you’re more likely to need security software?
By Karl Jackson on May 25, 2007
I’ve just got an email allegedly from TurboCAD - Thunderbird caught it as a possible scam. I had to think carefully about this one, because I did install a trial version of TurboCAD 12 and therefore IMSI would have my details. But the links do NOT go to IMSI’s website, so that’s one for the trash whether it’s genuine or not!
By Paul Quirk on Oct 22, 2007
I just got the dr.bluehornet.com link, for a supposed survey, from PC Tools (Spyware Doctor).
By Jeff on Nov 26, 2007
Just received this today. Questionable huh?!!!
As a valued user, you’re eligible for a FREE* update to Norton Internet Security 2008 for use during your current subscription period*.
This PC Magazine’s Editors’ Choice delivers industry-leading performance, including 69% less memory usage than other 2007 security products** so your programs run faster in the background. Plus, you’ll get free one-click access to expert support.
Industry-leading performance and exclusive new features
NEW! Optimized product design sets new industry standards for fast scan times and decreased impact on system startup and resource usage.
NEW! One-click access to FREE expert support via online chat or e-mail from your Norton Internet Security 2008 interface.
NEW! Norton™ Identity Safe protects, manages, and optimizes multiple passwords and online identity information when you bank, browse, and shop online.
NEW! Network Security Monitoring monitors your wireless network security, maps connected devices, and provides expert advice.
Learn how the performance of new Norton Internet Security 2008 exceeds industry standards.
Download your FREE* Update now. See why we say, “Go ahead. You’ve got Norton.”
After downloading your update don’t forget to install the Family Add On Pack™.
By Wilkins on Nov 26, 2007
email recieved was, Upgrade your Norton Internet Security to the new 2008 version. Is it safe?
By stanley gale on Jul 22, 2008
I refer to your email dated mar.20th 2008 I have tried to download and install 360tm without success I HAVE TRIED TO CONTACT YOUR company by email several times no reply the following comes up [ the procedure entry point getmodule handle exw could not be located in the dynamic link libary kernel32 d11 since this the e mail received suggests your help I would appreciate a reply stanley gale
By Kelson on Jul 22, 2008
Congratulations, Stanley Gale! You just won the “I can’t be bothered to read the page I’m posting on” award for the day!
This is not a Symantec contact form. It’s a personal blog entry complaining about Symantec’s email practices.