Being attacked by a web page Norton Safe Search has given the Green Seal of Approval

Norton Security | Norton Internet Security
1

Greetings,

 

This evening I have been searching for a site by the name of 'superpass'.  Norton Safe Search fetches a few URLs, all of them with the green seal of approval by Norton. So I click on the first URL and get attaked, though NIS stopped the page from loading in my browser and I got the followin information:

 

"Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
12/15/2013 5:33:31 PM,High,An intrusion attempt by www. superpass .com was blocked.,Blocked,No Action Required,Web Attack: Malicious Cookie Activity,No Action Required,No Action Required,"www. superpass .com (216.251.43.98, 80)",www. superpass .com/,"MYCOMPUTER'S IP, ETC."TCP, www-http"
Network traffic from <b>www. superpass .com/</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME1\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>."

 

I'm using IE11 as my browser, by the way.

 

How can a site have the Norton seal of approval and yet be harmful at the same time, could this be a false positive?

 

[Edit: Removed hyperlink to a potentially malicious website to conform with the Participation Guidelines and Terms of Service]

2

The Safe Web indications are not a real time indication of the site's condition.

 

The other layers of protection in your Norton product caught some malware that got added to site since the last Safe Web check of the site.

 

As your system found this problem, it will be reported to Norton via the Community Watch feature, and you may soon see that site flagged by Safe Web.

 

 

 

3

Hi gregv8

If you are having security issues with a website you can perform a free real time check on the link below.  There are other real time website scanners available if you would like to search the web for them.

 

http://sitecheck.sucuri.net/scanner/

 

 

ATB

 

intesec

4

Thanks for the information.

 

5

Thanks, good site to keep in mind. However http://sitecheck.sucuri.net/scanner/ gave the site I mention above a complete pass.

 

I guess one can never be 100% safe sure...

6
gregv8 wrote:

Thanks, good site to keep in mind. However http://sitecheck.sucuri.net/scanner/ gave the site I mention above a complete pass.

 

I guess one can never be 100% safe sure...

Have you tried again to access that site? I just tried with both IE 10 and FF 25 and it came up without any warning.

 

It may be an IE 11 issue, or the site may have been cleaned up.

 

 

 

7

I just tried the original site again and had no issues this time around. Looks like someone decided to straighten out their problems.

 

It's a good thing, I might soon need to place an order.

 

Thanks!

8

Glad to hear things are working again.

 

Who knows what it might have been. Sometimes just waiting a day or two will get things back in line.

 

We are here if you need us again.