Yesterday afternoon I was checking if a program was secure (from the Norton 360 interface, I clicked on check and it opened a website to Norton Website, like it should), when I got a message from Norton DNS stating that website was in fact not secure (the own Norton website). I thought it was a temporary problem and forgot about it.
But for the last hour I was getting Norton DNS messages alerting for the fact that several known websites were insecure (Juniper Networks, the own Norton website and so on). I have Norton 360 + Prevx 3.0 and had received no warning whatsoever. I ran a Norton quick scan virus and Prevx Scan just to make 100% sure it was not a redirect virus and found no Spyware or Malware (aside from the usual "tracking cookies").
Then I ran some traceroute to the URL's, and Norton DNS was resolving the URL to an IP address belonging to Symantec corporation: 198.153.192.41
After that I changed the DNS to Comodo and everything seems OK until now.
Is/Has anyone experiencing this issue (Norton DNS users) ?
I'll leave some screenshots of the problem (Norton DNS message and traceroute):
Same for me this morning, no problems previously. I get the same error displayed when visiting a bunch of well known sites like carphone warehouse and Nortons but not others. Disabled DNS and accessed all sites as normal but defeats the purpose.
I hope it gets fixed very soon. Despite having “admin” in my username (not a good choice now I realize :-)) I’m not working for symantec. The only thing I can do is to wait…
This morning for the first time I encountered a Norton DNS warning that my attempt to connect to American Airlines at www.aa.com was redeirected to a malicious website www.aa.com.edgekey.net. When I tried to access the Symantec website (www.symantec.com) to check out the threat I got a similar message about that website. What's up with that?
I was having the same problem this morning. Can we get an update?
Was this a configuration issue or was this an actuall attack?
Do i need to change passwords for all the sites that i was failing to log into... until i realized other sites where resolving to malware sites, something had happened to my DNS...
No the issue is gone. Yahoo mail login page looks normal, Redbox.com doesnt resolve to redbox.com.edgekey.com, Hulu.com login doesnt fail with error about SSL/TLS being possibly disabled.
Im on Comcast in Reston, VA.
So do I need to change my password? Ive already downgraded to a Win 7 install from disc instead of really nice Windows 8. Except i ran Windows Update while the DNS was messed up...
The issue of the DNS blackhole appears to be solved. I've tested the same websites as yesterday and run some traceroute's and now the DNS resolution appears to be OK. The traceroute's are showing the usual routes, etc.
BTW Can we have more information about this issue? What caused it? An erroneous human input? An attack?
Thanks for the updates. It's not an attack :-). It was caused by some false positives on websites. After we received the reports, the team worked on the issue immediately and corrected the issue as soon as we could.