Tim_Lopez wrote:
Hi Slinky_Grafix,

By definition, that website isn't a malware site. Unwanted surveys / promotion websites do not fall in to this category. Sites that host files that are known malware/viruses or phishing websites are examples of malware sites.

---

Hi Tim, so what you are saying is that when a website collects your personal information to scam you into believing you have won something and to then hand over further details about yourself this is not regarded as Phishing?!

I do not think you have studied the screen shot of amazon.cm on the safe web screen shot I uploaded last night. If you had you would see that Safe Web has also found the scam window. In fact it is even showing you a representation of amazon.cm window which is not the proper amazon site but a scam/fake or whatever you want to call it. See below:

If this were a legitimate prize notification the winning number would change with each succesive visit which it doesn't! Hence this is obviously an attempt to fool any visitor to this site.!! Also I have tried visiting this site using several other computers today and there is no such website as amazon.cm!! In fact if I type amazon.cm in the address bar today it launch's a re-direct window for (http://surveytakelive.com/d/a2m5a7) , if that's not mailcious I don't know what is?! 

Worse still.., these redirect windows now also appear to know what town I am living in!!

If you are still saying that this is acceptable and you cannot see anything wrong with it you are clearly in the wrong job.., security is not your specialist subject.

Here's what a Norton Community Safe Web member wrote about 'amazon.cm'

Tim, at this stage of our conversation, rather than put all the blame back on my shoulders, can you please refer me to someone higher in your organization? I do think I deserve that at the very least?!

We are talking about my personal information here and to seemingly brush it under the carpet does seem a little unfair don't you think? I'm sure you would want better if it were your own identity at risk?!

I will take this further if necessary if only to expose the weaknesses of Norton's products!

PM me if you wish.

Slinky

Yet another example of this site's dubious intent..,

Hi Slinky_Grafix,

Whatever possessed you to enter PII into a site such as this?  Quite clearly, as you are only now pointing out, you were never at Amazon.com.  But of course that should have been obvious to you at the time.  Firstly, you intentionally entered a URL for a site that was not Amazon.com, so at the very least, you should have anticipated that the site you did arrive at would not be the actual online retailer.  Then, as your browser address bar clearly displayed, you were redirected to sites like surveytakelive.com and easytestworld.com.  Further, the Amazon-looking webpage, on close examination, is suspiciously out of date.  Then you were presented with an offer that appears, prima facie, to be a come-on designed to entice you into divulging information that you really ought to know better than to divulge - especially to a site that you have not vetted.  Why in the world would you ignore all of these warning signs?

Firefox has a built-in bad site blocker, which also did not alert you to this site,  Firefox uses data supplied by Google, which finds the site not to be malicious.  Neither does McAfee SiteAdvisor post any warnings about the site.  The situation is as Tim has explained it, and none of these services is flagging the site as malicious.  I am not saying that perhaps the site should not be deemed suspicious.  But the fact that it isn't does not absolve you of any responsibility for what transpired.  If you volunteer information in exchange for a chance to win a prize - well, that is a transaction that you enter into willingly.  You should always research, beforehand, what a site will do with any personal information that you might provide.

---

SendOfJive wrote:

Hi Slinky_Grafix,

 

Whatever possessed you to enter PII into a site such as this?  Quite clearly, as you are only now pointing out, you were never at Amazon.com.  But of course that should have been obvious to you at the time.  Firstly, you intentionally entered a URL for a site that was not Amazon.com, so at the very least, you should have anticipated that the site you did arrive at would not be the actual online retailer.  Then, as your browser address bar clearly displayed, you were redirected to sites like surveytakelive.com and easytestworld.com.  Further, the Amazon-looking webpage, on close examination, is suspiciously out of date.  Then you were presented with an offer that appears, prima facie, to be a come-on designed to entice you into divulging information that you really ought to know better than to divulge - especially to a site that you have not vetted.  Why in the world would you ignore all of these warning signs?

 

Firefox has a built-in bad site blocker, which also did not alert you to this site,  Firefox uses data supplied by Google, which finds the site not to be malicious.  Neither does McAfee SiteAdvisor post any warnings about the site.  The situation is as Tim has explained it, and none of these services is flagging the site as malicious.  I am not saying that perhaps the site should not be deemed suspicious.  But the fact that it isn't does not absolve you of any responsibility for what transpired.  If you volunteer information in exchange for a chance to win a prize - well, that is a transaction that you enter into willingly.  You should always research, beforehand, what a site will do with any personal information that you might provide.

---

But WOT (Web of trust) http://www.mywot.com/ warns me of the site.

For crying out LOUD!! Why oh why do people not read posts properly?!! I'm getting really hacked off at having to repeat everything over and over!

I am not denying that I deliberately miss-typed the URL.. that was the whole point of the exercise! The original Norton DNS article which has now been replaced (admission of an error) stated quite clearly, here it is again...



I was merely testing that my software worked as described by said article, is that really so hard to understand?

Yes I entered my information into the website willingly, I had no reason to suspect anything was wrong.., Norton DNS had corrected my typo or so I could have reasonably expected it too and so as far as I was aware I was on the genuine site.

You make a comment that the Amazon page was out of date but it was the exact same one shown on the genuine Amazon site yesterday. Get my picture?

Yes it was stupid to believe that I could have won a prize but then who wouldn't under those circumstances?!

I had the protection against Malicious websites from both Norton DNS & Norton Safe Web (so I thought), that should have instilled some confidence I was reasonably well protected. Clearly not!!

You make me sound like some kind of moron that jumps at the chance of a free gift, regardless of risk! You are quite wrong my friend.., this is the first scam I have ever been duped into.

Let's just quit with all the blame for now and take a more simplistic approach.

Supposing you yourself were genuinely surfing the web and decided to visit amazon.com but made that dreaded typo without realizing.., the first thing you would have seen as I did yesterday was the genuine amazon screen followed quickly by the prize winning screen. What would you really do?

Mostly all genuine surveys that I have ever taken part in are conducted on a separate site, why should amazon do anything different.?

If it's any conciliation to myself I did quit the survey at around 90% but then the damage had already been done.

Thanks for your comments, let us not forget though that Norton also have a responsibility to provide us with accurate information, something they did not.

In future I will not be testing the effectiveness of my Norton products, I will simply hide my head in the sand and hope for the best like all the other innocent souls out there.

Bah - bah - bah - bah...!!!!

Slinky

---

DarkSta wrote:

But WOT (Web of trust) http://www.mywot.com/ warns me of the site.

---

WOT ratings are based on user reports, so experiences such as Slinky_Grafix' will tend to be reflected more in the ratings.  Norton, McAfee and Google ratings are based on testing a site for malware, whereas the WOT ratings will be influenced by user reports of real or perceived scams that use social engineering.

Amazon.cm, itself, is unrated by WOT.

---

SendOfJive wrote:

---

DarkSta wrote:

But WOT (Web of trust) http://www.mywot.com/ warns me of the site.

---

WOT ratings are based on user reports, so experiences such as Slinky_Grafix' will tend to be reflected more in the ratings.  Norton, McAfee and Google ratings are based on testing a site for malware, whereas the WOT ratings will be influenced by user reports of real or perceived scams that use social engineering.

 

Amazon.cm, itself, is unrated by WOT.

 

 

---

That's because DarkSta was reffering to the scam site which opens when you go to (Amazon.cm) ie: (surveytakelive.com)!

It's that site which is causing the problem, it somehow hijacked the amazon site!

That’s why I have both wot and safe web. Wot harnesses the power of the public and can give warnings over potential rogue sites. But wot ratings can be manipulated.

Not sure how to address these issues...

Typing in amazon.cm redirects to third party sites,that could easily fleece the unsuspecting like this example .Once you put in your mobile number you are actually joining a subscription service that charges £1.50 per text.Its written in very small print at the bottom

http://uk.cat.buongiorno.com/wwf-splashTool/SEO/SWSB4_NCB_iPadandiPhone4_V1_P46?CID=160394&CLICKID=09_28959760_30c4f4b3-0c6f-4959-9b38-9cea4837218c

Norton says it is a trusted site ,and i guess it is,but it would be very easy for the unsuspecting to actually subscribe to a service that they didnt want because they thought theyd won something.Therfore i would agree with slinky that because of the redirects amazon.cm is wrongly rated.Malwarebytes website blocking .blocks it by the way.

---

Slinky_Grafix wrote:

---

SendOfJive wrote:

---

DarkSta wrote:

But WOT (Web of trust) http://www.mywot.com/ warns me of the site.

---

WOT ratings are based on user reports, so experiences such as Slinky_Grafix' will tend to be reflected more in the ratings.  Norton, McAfee and Google ratings are based on testing a site for malware, whereas the WOT ratings will be influenced by user reports of real or perceived scams that use social engineering.

 

Amazon.cm, itself, is unrated by WOT.

 

 

---

That's because DarkSta was reffering to the scam site which opens when you go to (Amazon.cm) ie: (surveytakelive.com)!

 

It's that site which is causing the problem, it somehow hijacked the amazon site!

 

---

Umm no.... it does NOT hijack the Amazon.com site

Compare the whois for the two sites:

Amazon.com: http://whois.domaintools.com/amazon.com

Amazon.cm: http://whois.domaintools.com/amazon.cm

Two very different sites.

Hi Slinky_Grafix, All,

My name is Albert Wang and I'm the Program Manager for Norton DNS. We've been reviewing and looking into the feedback on this thread and would like to make a few comments:

1) Norton DNS is not supposed to correct typos. For non-existent (NX) domains, we send the user to the SafeWeb NX Domain landing page. We understand that the KB article might be misleading and have updated it accordingly. Our apologies for any misunderstanding this might have caused.

2) In terms of whether this is a phishing website, as Tim has mentioned before this does not technically fall into our definition of a phishing website. However, I've submitted the websites you mentioned to our team to be reviewed and they will be blocked if deemed appropriate.

Regards,

Albert

ellisonwales wrote:

---

Therefore i would agree with slinky that because of the redirects amazon.cm is wrongly rated.Malwarebytes website blocking .blocks it by the way.

Thanks ellisonwales!

It's comforting to know that someone has understood my post and isn't taking the moral high ground. As I said previously, my intentions were quite innocent and I merely wanted to test Norton's claims that DNS would correct typo's. Perhaps I was a little naive to expect it to work. Having said that, when buying a new car you wouldn't wait until you're having an accident to try the breaks.., you'd try them out first and that's exactly what I was doing with Norton DNS. How can I be blamed for an error in Norton's DNS manual?!

Yes luckily I did spot the small print during the survey about £1.50 charges per text message or whatever it said but I skipped that page. I have had a string of text messages about texting another (free number) which will entitle me to 5 free lines on the national lottery drawer but I'm not daft enough to respond. 

Thanks again for your reply.  

Love MalwareBytes, I've been using that too (free version) for a few years. It still finds stuff that NIS misses from time to time.

Cheers Chap.

---

albertcwang wrote:

Hi Slinky_Grafix, All,

 

My name is Albert Wang and I'm the Program Manager for Norton DNS. We've been reviewing and looking into the feedback on this thread and would like to make a few comments:

 

1) Norton DNS is not supposed to correct typos. For non-existent (NX) domains, we send the user to the SafeWeb NX Domain landing page. We understand that the KB article might be misleading and have updated it accordingly. Our apologies for any misunderstanding this might have caused.

 

Well I'm pleased we can agree that the article was misleading, it's a shame though that I've wasted two whole days posting about it!  I do have better things to do with my time. I only prey that something more positive comes from my bringing it to your attention. (i didn't win my prize)!

 

2) In terms of whether this is a phishing website, as Tim has mentioned before this does not technically fall into our definition of a phishing website. However, I've submitted the websites you mentioned to our team to be reviewed and they will be blocked if deemed appropriate.

 

Well it remains to be seen whether it is a phishing website but my own experience of the survey would suggest that it's not good! As I said previously, I have already had a string of text messages to my mobile asking me to text another number but who can say what that will really cost? It said it was free but I'm not prepared to try it. Also the mere fact that the lucky winner number never changes does suggest that the sites intentions are not honorable.

 

Regards,

Albert

---

Hi Albert, good to hear from a Norton Employee, finally!

Apologies for my in-line quotes above I thought it would make easier for anyone left following the thread.

I do appreciate your comments and I am pleased at least that nobody else will make the same mistake as myself, accept of course if they make a genuine typo too! 

If my experience here has taught me anything, it is this; Don't put too much faith in any security products and always assume that you're not safe regardless of claims to the contrary.

It does make you realize just how clever these scams can be these days and no matter how much security software you use there's always a loop hole for fraudsters to manipulate. I hope that my post will demonstrate the need to review what is a malicious website and what isn't.

I'm keeping my fingers crossed for now that nothing more will come of it,  but it's hard not too worry about the uncertainties!

Thanks again for your reply

Slinky

Hi Albert...

If norton dns/safeweb cant/doesnt correct typos ,isnt that the problem though?.Typing in amazon.cm in the address bar does lead you to page upon page of redirects ,that can easily snare an suspecting person ,especially the elderly.I dont use norton dns (only safeweb in nis),and safeweb shows that amazon.cm is safe because  I assume it thinks you mean a different amazon.cm?.Now if this amazon.cm is different to the mistyped amazon.cm,then that is a problem imo.Id like to see a new rating for sites that redirect to so many ,other different sites from an address or at least some sort of warning that it could be malicious.Now im not a programmer ,so i dont even know if such a thing would be feasible or possible.However it would be welcome.

ellison

Hi Albert, Slinky here....

Yes I quite agree with you on that, what's the point of having security software in the first instance if it can't even detect what appears to be the simplest method of deceit?

I wonder how many hundreds, even thousands of people miss-type a dot com domain on a daily basis? I refer back to my earlier image submission taken directly from Norton's 'Safe Web' site. A user here (LemonMan) has hit the nail right on the head! (See image below)

I actually I think that the original article about DNS which apparently was wrong and miss-leading and which got me into so much bother, in principle was right!! DNS would be a much better tool if it could really detect such a simple mistake!

Thanks again chap.

Slinky

OH.., but wait a minute! Didn't someone say earlier that '.CM' is the extension/domain for Cameroon?

If that's the case, could DNS be made to querey the extension and offer you the choice between the two? In fact, I think that was something else which was supposed to happen anyway according to the wrong DNS doc?!

Hi Slinky_Grafix, All,

Just a quick update here. The rating for the amazon.cm website has been updated. Our engine does not currently classify URLs which are considered spam/scam but we are working on adding this detection in the future.

For non-existent domains, we know for sure that it was a typo so we take them to a separate page. Unfortunately, for existing domains, we really don't know for sure whether it's a typo or if the user really wanted to go to that website. The idea of querying the extension and offering the user choices is an interesting one so we'll add that as an enhancement request for future releases. Thanks!

Regards,

Albert

---

albertcwang wrote:

Hi Slinky_Grafix, All,

 

... The idea of querying the extension and offering the user choices is an interesting one so we'll add that as an enhancement request for future releases. Thanks!

 

Regards,

Albert

---

Hi Albert,

Thanks for the update, it's good to know that Norton have taken the matter to hand and are working on a possible solution for the future. I'm not a programmer but I can't imagine it would be too hard to include a setting/tick box of some sort which would allow the user more control over what domains are surfed. Rather like in Google's Search Engine, you can specify whether your search is within the UK or the rest of the world.  So my next question is: Does this mean I can claim 'royalties' for having such a brainwave?? Perhaps 12 months free subscription to NIS would do it?!

For anyone else who may be interested, I've just had a peek at Safe Web's updated rating and I see that it was my own user review which tipped the balance from a green tick to an amber one! I'm glad to see my efforts have not been in vein.

Here's the latest review:

TTFN!

Slinky