Phishing False Positives - Turnaround time?

I have filed a report about a site that was incorrectly flagged as a false positive.

 

The site is http://www.cubics.com/, the ads are appearing under http://social.bidsystem.com/.

 

We had a similar issue in August 2008:

http://community.norton.com/norton/board/message?board.id=nis_feedback&message.id=5126#M5126

 

What type of turnaround time can we expect?

What other information can we provide to speed up the process of correcting our issue?

I take it from the "we" that you are the site owner?

 

Where did you file the report?

 

Did you get a reference number?

The report was filed here: https://submit.symantec.com/antifraud/false_positive.cgi

 

I did not receive a reference number, though I did provide my e-mail.

Yours is the only Symantec response I've received.

 

Call me the "site representative".

Cubics.com and Bidsystem.com are owned by Adknowledge, Inc.

We're a 220 person company out of Kansas City, MO.

Thanks for filling in the gaps. It's not something I can help with directly myself but hopefully someone will be along shortly who knows exactly how to advise you or how to progress it.

 

I'm not Symantec BTW -- they have names in red -- just one of the volunteer helpers who are users.

I just received the stock reply that my issue could not be reproduced and that no further actions would be taken.

 

The issue is plainly visible in this user provided screen-shot:

http://i169.photobucket.com/albums/u235/Loki052479/Farm%20Town/FT-Phishing-1.jpg

 

The toolbar indicates that the user is on the following Facebook app:

http://apps.facebook.com/farmtown/

 

The error message provides a URL:

http://social.bidsystem.com/displayAd.aspx?pid=346463&plid=15965&adsize=728x90&bgColor=%23ffffff&textColor=%23000000&linkColor=%230033ff&channel=&appid=57308 (followed by several Facebook variables)

 

If you and your team feel that this issue is resolved with the latest deployment, please let me know.

 

Great, my first response isn't even from Symantec :) Thank you though.

 

I've provided more information for the team when they do roll by.

I just clicked on the link you provided in your first message and NIS 2009 SafeWeb does not flag it as dangerous -- on the contrary:

 

cubics.com

Summary
Norton Safe Web found no issues with this site.
Computer Threats: 0
Identity Threats: 0
Annoyance factors: 0
Total threats on this site: 0
Community Reviews: 0

 

I'll leave it at that. I've seen your .59 post but I'll leave it at that for now since I don't know what the problem is.

 

PS Don't look gift horses in mouths ....

Hello gvoyerperrault,

 

We'll need some additional details:

 

- Which Norton Software are you using?

- What is that exact version number (ex: 16.5.0.134)?

- Does this happen to you 100% of the attempts you make to view your webpage?

Hello Tim;

 

I am not using your software. My client's client is using your software.

 

Based on the screenshot provided to me by the client, it looks like they are using "Norton Internet Security".

http://i169.photobucket.com/albums/u235/Loki052479/Farm%20Town/FT-Phishing-1.jpg

 

I do not know the version number, nor is the version number emitted in the "Fraudulent Web Page Blocked" screen (probably a good feature request there).

 

My client has had multiple reports of this issue (he has 100s of thousands of users).

 

All of these reports started yesterday during the day. So it's quite likely that these users are using the fully patched version. Otherwise reports would have started last week.

I'm the general manager of the social advertising business here at Adknowledge.

 

What is the status of this issue? It has been over 8 hours since we heard from Symantec. This issue is severely hurting our business, our publishers' business as well as causing issues for end users. We risk losing our publishers and this false categorization is negatively affecting our perception in the marketplace and could cause long term harm to our brand.

 

I should point out that in the screenshot the url that is being blocked is social.bidsystem.com.

 

We have now had a million dollar account pull our ads due to this issue and still no action by Symantec.

Message Edited by bidsystem on 04-09-2009 07:25 PM

12 more hours have passed and still no response / action. 

I am not Symantec but I'm one of a number helping out here and I replied twice to your colleague's earlier messages. As you will have seen I used the URL -- http://social.bidsystem.com/. -- in his first message which took him to your site -- http://advertiser.cubics.com/ -- and Norton SafeWeb flagged it as perfectly safe:

 

cubics.com

Summary
Norton Safe Web found no issues with this site.
Computer Threats: 0
Identity Threats: 0
Annoyance factors: 0    
Total threats on this site: 0    
Community Reviews: 0

 

I would say from the screen shot linked to with that first message showing an error message that the user was not using the current NIS 2009 I am and/or that it is not fully up to date -- which is why the Symantec Staffer asked what software was being used.

 

I am passing you these as mere observed facts. I am sure you will hear from Symantec.

Still no response from Symantec.

 

The issue is not from an outdated or unupdated client.  We have received thousands of these reports all starting on the same day in a location that has not changed in months.

 

The lack of action and response by Symantec on this issue furthers the case that Symantec should be liable for damages caused by their misrepresentation of our website.

 

They also don't seem to care that they are incorrectly restricting the content that tens of thousands of the users of their product are able to access.

Message Edited by bidsystem on 04-10-2009 04:54 PM

bidsystem wrote:

Still no response from Symantec.

 

The issue is not from an outdated or unupdated client.  We have received thousands of these reports all starting on the same day in a location that has not changed in months.

 

The lack of action and response by Symantec on this issue furthers the case that Symantec should be liable for damages caused by their misrepresentation of our website.

 

They also don't seem to care that they are incorrectly restricting the content that tens of thousands of the users of their product are able to access.

Message Edited by bidsystem on 04-10-2009 04:54 PM

I've contacted our team to review the issue in greater detail; thank you for your patience. I believe there was a response from Tim_Lopez from Symantec earlier, with questions about the version of the product. The product displayed in the screenshot has many versions, and we want to try to reproduce this issue here to determine the cause.

 

Reading through the thread again, I'm not clear as to whether your team is able to reproduce this issue either. Any additional information you can provide on testing you've conducted is also appreciated. I know you want this issue resolved quickly, and I hope we can work together to meet that goal.

 

Can you ask one of the users experiencing this issue to give you the version number of their Norton Internet Security product? If it is not the latest version, 16.5.0.135, can you recommend to this user that he/she should update to the latest version and try the site again? The latest version can be obtained here:

http://www.norton.com/nuc

 

Thanks again for letting us know about this problem, and any more info you can provide will speed up the resolution.

Both links in the original post work perfectly for me as well. Maybe in addition to the request for version numbers, there should also be a request for confirmation that the posters are who they say they are and do actually represent the company in question.

I am a volunteer here and have no ties to Symantec.

 

I have tried both sites and reached them without problem.

 

I would check with your correspondents and determine just when they experienced these problems.  Something is askew here.  As others have suggested, there is also no reason to assume they are using up-to-date products; so it would be worth getting the users' NIS version numbers.

 

Good luck.

Perhaps this is related; perhaps, not:

 

When I launch either IE7 or Firefox 3.0.4, and try to access the AOL log-in screen (AOL: https://my.screenname.aol.com/_cqr/login/login.psp?sitedomain=sns.webmail.aol.com&lang=en&locale=us&authLev=0&siteState=ver%3a4|rt%3aSTANDARD|ac%3aWS|at%3aSNS|ld%3awebmail.aol.com|uv%3aAOL|lc%3aen-us|mt%3aAIM|snt%3aScreenName&offerId=webmail10-en-us&seamless=novl),

I get an intercept warning me away from the site.

Untitled.jpg

 

Now, if I click exit this site and try again I have no problems getting to the log-in screen.

 

 

 

All that being said, please note that the display I get and the display presented by the posters are different, thereby suggesting the complainants' software might be out of date.

I don't know whether you meant that URL literally to be used or whether you took out your actual screen name but when I use it with IE7 I get no warnings but an OK:

 

aol.com

 

Summary
Norton Safe Web found no issues with this site.
Computer Threats: 0
Identity Threats: 0
Ecommerce safety threats: 0
Annoyance factors: 0    
Total threats on this site: 0    
Community Reviews: 11
But I see in the comments column a couple of people asking why it is blocked ..... and one saying it's OK.......

Hello thread members--

 

After reviewing some Norton Antiphishing system configuration information, I can confirm that the cubics.com and bidsystem.com domains are on a "safe list"; pages and frames that originate from these domains should not be blocked as phishing pages.

 

If you are seeing this problem, please consider performing the following steps to be certain you are using the current antiphishing definition content in your browser session:

 

1. Run Live Update and apply any necessary updates; reboot your system if prompted by Live Update to ensure all updates are applied.

 

2a. If running NIS09 or N360v3, allow the Idle Timeout period to elapse. 

-- This step is necessary so a Background Job can execute to produce a new antiphishing configuration file.

-- You can monitor the idle timeout or change its setting by clicking the CPU Usage link on the main UI

-- From the CPU Usage screen, check the list of Background Jobs and confirm the job named "Antiphishing Updates" has executed recently.

 

2b. If you are not running NIS09 or N360v3, the antiphishing configuration update occurs as part of the LiveUpdate session.

 

3. Close all browser windows, launch a new browser, repeat browsing the problem website.

 

If you still see phishing block page problems after performing the above steps, send me a PM and I will reply to you with further instructions on collecting debugging information from your system.

 

Regards,

 

Matt Powers

Symantec Corp.

MJP -- Thought everyone would like to know that another user ProTruckDriver  followed your instructions and it fixed his inability to log into AOL with similar messages as here:

 

See  Re: NIS Blocking AOL sign in window. for his report.