Symantec ditches reseller guilty of scamming PC users

Symantec logo on building

Symantec is terminating its partnership with a reseller that stands accused of duping people into believing they were infected by malware, before charging them hundreds of dollars to remove' it.

Silurian, which was a member of the Symantec partner programme, scammed unwitting users by flagging up fake warnings on their PCs that were designed to look like Symantec's Norton Antivirus product.

The alert, hosted on a now-defunct webpage called quicklogin.us/norton, told users: "System Critically Infected. If you are not able to click on this button, immediately contact Support toll Free Helpline 1-855-637-1900."

Senior security researcher Jrme Segura at Malwarebytes, the security firm that uncovered the fraud, said: "This screen is completely fake, but combined with an alarming audio message playing in the background, it may be enough to dupe some users."

The security company phoned the number anyway to see what happened.

A technician advised them to go to a website that would allow him to take remote control of the computer, letting him perform a diagnostic.

Segura said: "This process is a core part of the scam because it allows crooks to tighten their hold on potential victims. With remote access, scammers can literally do whatever they want on the user's machine including stealing documents to installing (real) malware."

The technician quickly pointed to Windows EventViewer, the error reporting tool that tags applications with yellow and red warning lights for problems that are generally benign, but to an inexperienced user look worrying.

He then offered Norton Antivirus to the researchers at two different price options a one-off fix and installation for $199, or a one-year warranty for $249.

The tool can be purchased for 14.99 online, giving users one year of cover.

After discovering Silurian was a member of Symantec's partner programme, Malwarebytes raised the issue with Symantec, which promised to take immediate action.

A Symantec spokeswoman told IT Pro that it is terminating its reseller partnership with Silurian immediately.

She added: "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian.

"After identifying any abuse of the Norton or Symantec brand, we pursue our rights and defend our intellectual property, and where necessary will work with law enforcement."

Pictures courtesy of Malwarebytes