Legit Norton/Symantec virus update connection or malicious redirect?
I had once posted a question similar to this, BUT there is one different/important variable that was not in effect with the previous question
Use NAV2008 on Vista Home Premium OS with vista service pack 2
I noticed in my internet connection log that last night my computer connected to
This happened when my computer was scheduled to and checking for virus def updates from Norton/Symantec
My activity log shows that liveupdate was running.
But in the internet connection log it showed the IP name as
When I Google stuff on content.yeildmanager.com I get some shady impressions
When I do a WHOIS check on the IP address, it shows as belonging to
Beyond the Network America, Inc and again when I google that it shows some questionable information
Now the strange part is that I show to have received virus defs from Norton/Symantec at this same time
I think the virus update was 20100610 rev 25 or rev 48. So I received an updated Norton file
As an additional note- there was another check for Norton Antivirus updates 3 hours after ( I have it set to check every 3 hours) and this next check went to Symantec.com
Could it be:
1. An error in the logging of both the IP address and the domain name?
2. Norton/Symantec uses this server as a delivery system of Norton Virus def updates
( I have seen sometimes virus def updates from Norton come from different servers other than Symantec, but the domain name in the internet connection log says symantecliveupdate or Symantec not something different like content.yeildmanager.com)
3. So is this a malicious redirect?
Subsequent scans show no virus/spyware other than the normal tracking cookies tracking cookies and further virus updates have been good and look normal
So does this sound malicious? Just seems so odd it would show up as content.yeildmanager. com
This never seemed to happen before
Any help to understand this is much appreciated. Hope it is nothing serious