NORTON INCORRECTLY IDENTIFIES A SAFE SITE AS A PHISHING SITE

dahill · ‎08-05-2008

I am not sure what credentials or information your software uses as a basis to identify phishing sites, but it appears, from reading this forum whatever formula, credentials, or algorithms you use, you have a major flaw in your phishing detection system. As indicated from other posts on this forum your software incorrectly identifies some safe sites as phishing sites. This is not only bad for the site that is safe and you report as a phishing site, this is bad for your company too. It reflects poorly on your software.

This morning two people who use your software reported to us that they are getting phishing warnings on our site at http://notoverthehill.com/ . It certainly is not a phishing site, nor could it be. There is absolutely no financial information collected on this site, there is nothing sold on this site, there are no viruses, Trojans, worms or other malicious activity on this site - there isn't even any software offered for download from this site, yet your software is giving users a false "phishing warning" when they visit this site.

This is not only detrimental to our site but to your software since your software isn't able to differentiate between a real phishing site and a safe site.

We have told our users that they must be cautious about depending on a security program that produces false-positives as it might also mean that it isn't detecting real threats either. One thing for sure, your software is flawed and needs to be fixed immediately.

Reporting false positives when users are visiting a safe site like http://notoverthehill.com/ isn't good our site and it really looks bad for your software.

TC

Cloudeight Internet LLC

http://thundercloud.net/

Cloudeight "NotOverTheHill"

http://notoverthehill.com/

LazarusLong · ‎06-29-2008

OK,I went to http://notoverthehill.com/ and notiing happens.

OS=Vista SP1 all updates
Browser 1=IE7 with antiphishing (NIS 2008 v15.5...)
Browser 2=Opera 9.51 with antiphishing option on (not monitored by Norton,not supported browser)
Location= Macedonia (Europe)
ISP= Macedonian Telecomunications www.t-home.mk

Allen_K · ‎04-09-2008

I clicked the link, and it was not caught by the phishing filter at the time I clicked it. I also submitted the link for you to the Security Response Team using the following link.

False Positives - https://submit.symantec.com/antifraud/false_positive.cgi

You might also want to read this post, for an explaination of how the system works. The site was not specifically targeted, but rather scored base on the way it was designed by it's programmers.

Message Edited by Allen_K on 08-05-2008 08:48 AM

Allen

cateyes · ‎08-05-2008

I am one of the two people that have been getting phishing warnings at http://notoverthehill.com/ . This started when I went to view my page at http://notoverthehill.com/mouse/ at approximately 1:45 a.m. . Of course you might not be able to view it as a guest without knowing my password. Then as I started trying to view other parts of the site, the phishing filter started warning me even more. I've never had a problem with my Norton's antivirus program before this morning. I disconnected from the site and ran LiveUpdate and then did a scan on my computer. The only thing that popped up security-wise was something about a temporary cookie. Now while we're on that subject, why is my antivirus program even alerting me about cookies? So at this point, I've turned the Phishing Filter off and will only turn it on when I'm not on the NotOverTheHill site. When you get it fixed, please let me know. Thanks!

Cytoned · ‎07-30-2008

I've visited your site several times consecutively after reading this post. Sometimes it got blocked as phishing, other times it didn't.

Is it possible that one of the revolving adverts on there is being mistakingly flagged as phishing, or is indeed malicious rather than your site itself.

Edit: I think this is the case, just visited it again, and the URL that is blocked as phishing is:
http://cubics.com/displayAd.aspx?pid=X (Removed this for obvious reasons).

Message Edited by Cytoned on 08-05-2008 04:26 PM

Thanks, Cytoned.
Using Norton Internet Security 2009 & Norton AntiBot.

gvoyerperrault · ‎08-05-2008

Hello I am a representative of Cubics.com (the site indicated in the comment below). We operate an ad network for Social Networking application developers.

We've just become aware of this issue and I've already submitted the false positive information. But I still have some questions:

What type of turn-around time can we expect?
Will I be notified when our site has been removed?
Can I speak to someone directly? (the submission included my phone number)

Cubics.com serves thousands of ads every second and hand-reviews every ad that goes into our system. The block is happening on our publisher's pages which are typically running on Facebook. So this makes lots of very legitimate people look bad (us, the publisher and Facebook)

This is a very big deal to us, so we need to know what's going to happen.

Who can we contact directly?

Tony_Weiss · ‎04-07-2008

gvoyerperrault wrote:
What type of turn-around time can we expect?
Will I be notified when our site has been removed?
Can I speak to someone directly? (the submission included my phone number)

1) It should be a fairly quick turnaround, depending on the number of submissions at the time.

2) You will be notified of the results by email, to the address you used for submission.

3) If the results of the analysis are not satisfactory to you, there are further instructions to contact our Technical Support team. However, you can also send me a Private Message through these boards with your contact information.

I would recommend submitting all possible URLs that are being detected as phishing sites. We want to ensure we have as much information as possible regarding the problem so we can resolve it quickly. Thanks!

Tony Weiss
Norton Forums Global Community Manager
Symantec Corporation

Altara33606 · ‎08-05-2008

I am another person who suddenly started receiving 'phishing' notices today at Not Over The Hill. It even said MY page was fraudulent! At first, I thought it was my problem..since I recently re-installed my Norton's 360; then I heard from other people with the same problem. How can I get around this? I've repeatedly clicked on 'report this as a safe site'...still get the same thing! I've always liked Norton 360--but this is very annoying!

cateyes · ‎08-05-2008

It has been 15 hours now and I still get the false positive that http://notoverthehill.com/mouse is a Fraudelent Web page. I sure hope you get it fixed soon. I have 121 days left on my subscription and may just decide to find another antivirus program to run on my computer! I've never had a problem with even a free antivirus program - Grifsoft's AVG Antivirus program. I've been on the internet for nine years and this is one of the most upsetting days of my life. I am just a user at notoverthehill.com - but I've been going to the various webpages that these people put out and have never had a problem and trust them wholeheartedly. Please get it fixed soon. Thank you very much. I've done LiveUpdate twice now and still no results or a fix to this problem.

Altara33606 · ‎08-05-2008

Ok, it's been 24 hrs. This ISNT a fast turnaround. I have to click on 'report this as safe' every single time I navigate from one page to the next (& even if I go back)--I'm sure I've now done it at least 2 dozen times on EACH page. HOw many times do I have to tell them it's 'safe' before they get it? I can understand needing to report a page as safe...but how many times?