Norton Linking to Spam Site?

Natitude · ‎10-12-2011

This is my forth attempt to get some attention to this. Let me start this by saying that while my issue surfaced during the whole Facebook fiasco, it has nothing to do with Facebook. I can access Facebook fine - this has NOTHING to do with Facebook.

However, when your product popped up the Norton Web Page Blocked message stating the site I was about to go to was fraudulent, it had a link that said "Continue to site anyways". I clicked this link (because I knew Norton was wrongly flagging Facebook) and it took me to this site: ww35.co.cosymantec.com.

That site is clearly not affiliated with Norton - in fact, it looks like a spammy, doorway site full of ads. My quesiton/issue/concern is, WHY did the Norton page link to that site? Clicking that link, should have taken me to Facebook - but instead it went to that spammy site. I have a screenshot of the page that shows this behavior.

Can somebody please actually help me with this? I've tried emailing and live chat numerous times, but all of your agents brush me off telling me to try Facebook in 24 hrs, when that's not the issue. My Facebook works FINE. I'm concerned as to why, when your product blocked a webpage, did it link to this bogus site?

Also, during this entire time, Norton has said my status is secure.

prasanna_a · ‎05-09-2011

Hi Natitude,

To start with, welcome to Norton Community.

Before we provide you with some resolution, we need few details from your side. I just had a look at your previous post as well but couldn't get enough details from it. If you feel like we are starting from the scratch again,we have no other option to get the details and without details we cannot advice you with any resolution.

Do you use our latest NIS 2012 product? What browser you use? Do you face this issue in all browsers you have or only with any specific browser?

Guess, its not reproducible now, as you told your facebook works fine.

If you just want to know the reason for this wrong detection or redirection, one of our colleague has posted on your thread with a brief description on what happened with this. Just to quote it here " What happened? Several true fraudulent Facebook-hosted URLs were automatically processed by the Norton Antiphishing server today and a system logic flaw produced the incorrect updates"

I hope, this wrong re-direction on clicking continue anyway was one of the side effects of the problem we had with our server and its system logiw flaw.

Sorry for too many questions, but all these are the basic platform questions on which we will be discussing further.

Regards,

Prasanna.

Natitude · ‎10-12-2011

Honestly, I would prefer starting from scratch since I've had such a terrible experieing with your customer service already.

Re: your questions.

Do you use our latest NIS 2012 product? Yes

What browser you use? Mostly Firefox.

Do you face this issue in all browsers you have or only with any specific browser? Only saw it in Firefox.

Is it reproducible even now? It was reproducable last night, because your system was flagging facebook as fraudulent. Now that you've fixed that, there's no reason for Norton to pop and block a webpage. So it's kind of hard to reproduce it, unless you give me a site that is known to be blocked?

Again, I have a screenshot of Norton's pop up and it linking to that site. I can prove 100% this happened.

Let me know what else you need.

prasanna_a · ‎05-09-2011

Hi Natitude,

Even we were sure that it would not be reproducible even now.

But as you told to make sure that it happened only with the system flaw and server issue which we had overnight, if you are fine with testing a real fraud site on your machine, i can let you few ways of doing it. But am sure, it would not do any harm just by clicking continue to site anyway unless you became a prey to the phishers by entering the details on the page.

Let me know if you are fine with this.

regards,

Prasanna

Natitude · ‎10-12-2011

I'm willing to accept that it may have had something to do with that bug, I just couldn't get any attention to this via live chat or email. Everyone kept telling me to try Facebook again in 24hrs, when that wasn't what my concern was.

I appreciate YOU taking a moment and addressing this and actually listening to my issue. Is there a way to provide feedback on customer service? I was really irritated and disappointed with how the CSR handled (or lack thereof) my problem.

Thanks.

prasanna_a · ‎05-09-2011

Hi Natitude,

Sorry for the bad time with our support team.

Henceforth when you need support with our product you can always land here and we have many of our Norton Employees and we have our Forum GURU's here who will also help you out with all required details.

Ok, Now coming to our discussion, before we proceed, I need one last information from your side.

When the facebook URL was blocked fraudulent, can you recollect if the URL was mentioned in our blocked page.

In the blocked page, it would say " You tried access the page : " and the URL would be mentioned below. Was it available for you?

Regards,

Prasanna.

Natitude · ‎10-12-2011

Great question, it said https://www.facebook.com was the site that I was trying to access and Norton blocked. So, it was indicating the correct URL, however the "continue anyway" link went to the ww35.co.cosymantec.com/viewanyways

Again - I have a screenshot of all of this.

And I did try and post in the forums but I was unfortuantely drowned out by all the Facebook chatter. I don't think anyone even noticed the post.

prasanna_a · ‎05-09-2011

Hi Natitude,

There is a reason for asking that whether the URL was displayed properly over there. Why because, if some junk or garbage characters fills that space and when you click on Continue anyway it might land up on a wrong URL.

Now since you are fine with testing on your PC, just try to browse to this URL "http://www.adrihaus.hu/ferasddas.html" and am sure that it would be blocked as Fraudulent and as I told earlier just make sure that URL is mentioned in the blocked page text. Go ahead and click on continue to site anyway. Please make sure to check these points over there:

1 Check the redirected URL is the one you entered

2.Observe the status on the toolbar, it should show RED CROSS(X) and when you click on that drop down it should say "Known Fraudulent URL"

Preconditions:

1.Run the LU untill it says no updates, so that you are web protection defiinitions are upto date.

Let me know how did it went through.

Regards,

Prasanna.

Natitude · ‎10-12-2011

OK I will give that a try but unfortunately I can't right now since I'm at work and not on the computer in question. However, when I get home I will access that and let you know what comes up.

Also, let me know the proper funnel for expressing concerns about customer service as I would really like to speak to someone about that.

Thanks.

prasanna_a · ‎05-09-2011

Hi Natitude,

Do please let us know the results after trying as we would be waiting for a word from your side post testing.

Regarding, the customer service issue am not aware of the point of contact for raising your concerns as its out of my radar.

But what I could advice you is, you can send in a private message to our Forum Admin's as they might have some contacts with the support team and so they could it route it to proper channel.

Regards,

Prasanna.