Issues with site re-evaluation on Norton Safe Web

Hi,

This is Jonathan, co-founder of Infoaxe.com (hxxp://xxx.infoaxe.com). Norton is incorrectly flagging our s/w as malware.

We are a VC-funded Silicon Valley company that has over 3M reg. users who love using our service. We have users complaining to us that Norton is removing Infoaxe from their machines and also switching their homepage from Infoaxe to a Symantec page. This is really annoying to our users and makes our product unusable.

We'd greatly appreciate a prompt resolution of this issue.

 

We are getting flagged on Norton Safe Web here, http://safeweb.norton.com/report/show?url=infoaxe.com

 

To clarify some of the threats in detail,

Reg. the first 6 threats in http://safeweb.norton.com/report/show?url=infoaxe.com (viruses) relating to a file in the toolbar (hxxp://xxx.infoaxe.com/toolbar/ie/files/info_toolbar_update.exe):

We had a toolbar updater packaged with our toolbar software. We had tried updating our toolbar updater in the past. info_toolbar_update.exe was our older toolbar updater and we tried to update it along with the toolbar for some of our latest changes. We did not realize that our updater updating itself would cause Norton to regard it with suspicion as a possible trojan. None of the components of our latest toolbar currently update themselves and the listed file is currently not even directly or indirectly downloadable from our website. 

 

To sum up,

a. The content is not malicious

b. The content is no longer included in our toolbar to avoid any issues

 

Reg the last 2 threats in the above form (drive by downloads) for indexauto.jsp:

For some context, Infoaxe is a web history search engine. We index and make searchable the web browsing history of users so that they can easily find pages they have visited in the past. This data is private to users. indexauto.jsp adds these pages to our index. If you notice in both the above drive-by download threats, it is NOT our page that has the exploit but some page that the user has visited (from mysystemsxcanner.net and studioxeight.tv). We just happened to index those pages. Again, it's NOT our content that is malicious.

 

Hope this clarifies things. I look forward to your prompt attention to this matter by correcting the erroneous flagging of our s/w since this is severely affecting use of Infoaxe by our users.

 

We had requested re-evaluation of the site but there seems to be no change in our Norton Safe Web report (it's still red).

In addition, I see some new threats listed in our report, namely STDT1 & STDT2, which point to our toolbar, hxxp://xxx.infoaxe.com/toolbar/ie/files/ietb.dell?rnd=4823

 

To sum up, my questions are

1. What can we do to remove the existing threats relating to the virus warning and the drive by download? (I had added a detailed comment explaining why this was erroneous as part of the re-evaluation submission and also emailed site_owner_help_en@symantec.com. I had also submitted a false positive form at https://submit.symantec.com/dispute/false_positive/)

 

2. What are STDT1 & STDT2 and how can we resolve these?

 

3. What is a simple way for us to check our s/w for such potential threats? Does Norton have a web service, where we can upload our toolbar and get a report of any potential threats? This will help us resolve these issues prior to deployment.

 

Thank you for your response.

 

thanks

Jonathan

 

p.s. For more info on Infoaxe,  

NY Times, http://www.nytimes.com/external/venturebeat/2009/11/20/20venturebeat-infoaxe--a-real-time-search-engine-that-does-53994.html

Techcrunch, http://techcrunch.com/2008/11/17/infoaxe-records-your-browsing-sessions-lets-you-search-your-web-history/

and the Jerusalem Post http://www.jpost.com/Home/Article.aspx?id=123038

 

<<Edit: Disabled the active links to the malicious website, please abstain from posting active links to the malicious web sites and exe's as per the participation guidelines and terms of service.>>