Symantec is terminating its partnership with a reseller that stands accused of duping people into believing they were infected by malware, before charging them hundreds of dollars to remove' it.
Silurian, which was a member of the Symantec partner programme, scammed unwitting users by flagging up fake warnings on their PCs that were designed to look like Symantec's Norton Antivirus product.
The alert, hosted on a now-defunct webpage called quicklogin.us/norton, told users: "System Critically Infected. If you are not able to click on this button, immediately contact Support toll Free Helpline 1-855-637-1900."
Senior security researcher Jrme Segura at Malwarebytes, the security firm that uncovered the fraud, said: "This screen is completely fake, but combined with an alarming audio message playing in the background, it may be enough to dupe some users."
The security company phoned the number anyway to see what happened.
A technician advised them to go to a website that would allow him to take remote control of the computer, letting him perform a diagnostic.
Segura said: "This process is a core part of the scam because it allows crooks to tighten their hold on potential victims. With remote access, scammers can literally do whatever they want on the user's machine including stealing documents to installing (real) malware."
The technician quickly pointed to Windows EventViewer, the error reporting tool that tags applications with yellow and red warning lights for problems that are generally benign, but to an inexperienced user look worrying.
He then offered Norton Antivirus to the researchers at two different price options a one-off fix and installation for $199, or a one-year warranty for $249.
The tool can be purchased for 14.99 online, giving users one year of cover.
After discovering Silurian was a member of Symantec's partner programme, Malwarebytes raised the issue with Symantec, which promised to take immediate action.
A Symantec spokeswoman told IT Pro that it is terminating its reseller partnership with Silurian immediately.
She added: "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian.
"After identifying any abuse of the Norton or Symantec brand, we pursue our rights and defend our intellectual property, and where necessary will work with law enforcement."
Pictures courtesy of Malwarebytes
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
C-suites consider quantum a serious threat and "amazing" deepfake attacks are just 'months away'News Deepfake technology has matured at a rapid rate, and video scams are likely to be a on par with the more convincing voice-only campaigns very soon, one expert says
-
Shiseido reportedly suffers data breachNews The Japanese cosmetics company has been accused of failing to notify affected staff of the leak
-
Almost a quarter of all spam emails were sent from Russia in 2021News Last year's spam emails mostly centred around money and investment, Bond and Spider-Man movie premieres, and the pandemic
-
HMRC issues scam warning ahead of Self Assessment deadlineNews The department stated that 2021 has already seen 797,010 tax-related scams reported
-
Microsoft resellers warned of Nobelium attacks on IT supply chainNews Microsoft believes that 22,868 attacks have been conducted against 609 partners since July
-
Ofcom report reveals alarming uptick in smishing attacksNews Text-based scams now more common than phone calls among young adults
-
Smishing attacks increased 700% in first six months of 2021News Which? has urged businesses to play their part to protect people from text message scams
-
Delivery scams become most common form of smishingNews Cyber security provider Proofpoint finds a major increase in the number of threat actors impersonating postal services
