Last week I received a message offering a 30% discount on Norton Internet Security 2006. It claimed to be from Symantec, but the email address was at digitalriver.com, and all the links—including the ones that claimed to be at symantec.com—went to bluehornet.com.
Now 5 minutes of research turns up the facts that Symantec does work with Digital River and Digital River owns Blue Hornet. And it did go to the address I used to register Norton Antivirus last year. So it’s probably a legit offer.
But let’s think about this for a minute.
Assuming it’s legit, Symantec—a company that deals in internet security—is deliberately sending out offers via third-party domains, email and web servers. Depending on how security-conscious you are, they are either making their messages look suspicious or training users to ignore warning signs.
Or have you never seen spam offering enormous discounts on Norton products? Which generally turn out to be pirated. And I seem to recall—though I can’t find an article to back it up—that the bootleg copies are often infected themselves, or crippled in some way.
Given how many shady operators are out there, taking advantage of the big guys’ name recognition, you’d think the big guys would at least make some effort to make their own offerings look less, well, shady.
I had an interesting mail claiming to be from Halifax Plc, sent from the domain halifax-mail.co.uk. Checking that domain showed no fingerprint that linked it to Halifax, the www was blank, and chasing the domain owners etc upstream led to a marketing company.
You’d think a bank would know better by now too! I have a letter drafted that I need to drop in the post to them, chastising them 🙂
Couldn’t agree more about these Symantec mails, despite the fact that they do, after some digging, appear to be genuine.
SA gets them every time here:
Content analysis details: (5.3 points, 2.9 required)
pts rule name description
—- ———————- ————————————————–
0.0 SUB_FREE_OFFER Subject starts with “Free”
0.2 DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date
0.5 OPTING_OUT BODY: Talks about opting out (lowercase version)
0.2 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
0.2 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 SARE_UNI RAW: SARE_UNI
2.0 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
0.2 DIGEST_MULTIPLE Message hits more than one network digest check
I’ve got an email from with the following concern:
“Keep your computer safe from Infected Fake Emails from Online Retailers
Threat Level: Category 3 – Moderate
Outbreak Type: Trojan Horse”
The email looked very authentic but:
All the links like liveupdate, existing customers etc. went to “http-dr.bluehornet-com.ct/………type=1”
Looking at “http-dr.bluehornet-com” I found a login-site, which hides the login-domain. It is clear for me,that its not the same site as www-bluehornet-com and that it is a fake itself probably with malware in the linksites. I will send it forinformation to symantec and delete it.
Great. So phishers are already taking advantage of Symantec’s less-than-responsible email practices.
I received an email regarding a “$40 off Norton Internet Security 2006” and questioned it’s Symantec authenticity since the email was from Symantec@reply.digitalriver.com and the link to download/purchase the product routed back to a http://dr.bluehornet.com/ link. I contacted Symantec and they confirmed that they are associated with Digital River and that the “dr” in the link stands for Digital River and that the offer should be legit. Side note, after further researching, it seems that Digtial River is associated with Blue Hornet. I guess all this marketing is like sex; everyone is linked up with someone else. And all I want is some peace-of-mind, cost-effective virus protection.
off topic-anyone ever actually get a rebate?.am waiting for three
Yup, got the dr.bluehornet.com message. Took me a lot of time to get that message forwarded to symantec; it’s like they don’t want to know – if there are more security risks out there, there is more reason to buy their product. Leads one to wonder, who is really starting these viruses and worms. Who has a vested interest in selling something that fixes these problems. Nah, that couldn’t be true. Have I been Oliver Stoned?
I also just received the dr.bluehornet.com message but it was for CA’s ePest Patrol. The message is below. Note that the word download is a link to http://dr.bluehornet.com/ct/ct.php?t=266092&c=478296554&m=m&type=1&h=7CB8431DDCD6CC294734CE64DC77F24D
I sent an email to CA to inquire about its authenticity.
CA Anti-Spyware 2007 (formerly eTrust® PestPatrol® Anti-Spyware) is the latest release of CA’s award-winning, industrial-strength anti-spyware software. A benefit of your annual subscription is FREE product upgrades as they become available, providing you with the latest features at no charge.
Download the new version today and start taking advantage of new features like:
* An improved user interface that assists you in quickly and easily setting preferences, checking program status, and maintaining a protected PC
* Improved real-time protection that guards you against an even wider range of spyware threats
* A Secure Now feature that provides proactive protection by monitoring critical program functions and settings, and reminding you to keep your security optimized
* The Threat Outbreak Warning System giving you detailed, up-to-the-minute information on the most recent and most prevalent spyware threats
To upgrade now, download CA Anti-Spyware 2007.
Need help installing? Visit our online upgrade page for instructions on how to install this new version.
Thank you for choosing CA.
The CA Consumer Team
Reply to: Monday, February 13th, 2006 at 9:23 AM by Kelson.
… all techniques to force people to lower security to third party cookies and to open the door for spying and entering in to your world. Ethical ?
Hmm… if you don’t follow safe practices online, you’re more likely to need security software?
I’ve just got an email allegedly from TurboCAD – Thunderbird caught it as a possible scam. I had to think carefully about this one, because I did install a trial version of TurboCAD 12 and therefore IMSI would have my details. But the links do NOT go to IMSI’s website, so that’s one for the trash whether it’s genuine or not!
I just got the dr.bluehornet.com link, for a supposed survey, from PC Tools (Spyware Doctor).
Just received this today. Questionable huh?!!!
As a valued user, you’re eligible for a FREE* update to Norton Internet Security 2008 for use during your current subscription period*.
This PC Magazine’s Editors’ Choice delivers industry-leading performance, including 69% less memory usage than other 2007 security products** so your programs run faster in the background. Plus, you’ll get free one-click access to expert support.
Industry-leading performance and exclusive new features
NEW! Optimized product design sets new industry standards for fast scan times and decreased impact on system startup and resource usage.
NEW! One-click access to FREE expert support via online chat or e-mail from your Norton Internet Security 2008 interface.
NEW! Norton™ Identity Safe protects, manages, and optimizes multiple passwords and online identity information when you bank, browse, and shop online.
NEW! Network Security Monitoring monitors your wireless network security, maps connected devices, and provides expert advice.
Learn how the performance of new Norton Internet Security 2008 exceeds industry standards.
Download your FREE* Update now. See why we say, “Go ahead. You’ve got Norton.”
After downloading your update don’t forget to install the Family Add On Pack™.
email recieved was, Upgrade your Norton Internet Security to the new 2008 version. Is it safe?
[…] wee bit of research shows that this is not a new situation. I’m still pretty pissed not only about the opt out notion of charging me for shit I […]
I refer to your email dated mar.20th 2008 I have tried to download and install 360tm without success I HAVE TRIED TO CONTACT YOUR company by email several times no reply the following comes up [ the procedure entry point getmodule handle exw could not be located in the dynamic link libary kernel32 d11 since this the e mail received suggests your help I would appreciate a reply stanley gale
Congratulations, Stanley Gale! You just won the “I can’t be bothered to read the page I’m posting on” award for the day!
This is not a Symantec contact form. It’s a personal blog entry complaining about Symantec’s email practices.
dr.bluehornet.com also sends out marketing junk for Nuance’s Dragon NaturallySpeaking Standard 10.1 – Exclusive Spring Offer
I think it is just a spam e-mail site, and I am going to block it.
So today while I’m working on a project WITH A DEADLINE, all of a sudden I get a popup that I’ve installed TM on too many computers. What? I renewed it a couple weeks ago on 3 computers, which is all I have and what I paid for.
I click on it and it wants me to pay another $72.99 – after the $89 I’ve already paid, and after I’ve received several confusing emails asking me to return to TM for 40 percent off after I had renewed. I click off of the $72.99 request and TM says it’s disabled and deactivated.
I call the customer service and get someone in India named “Grace” who can’t understand me and disconnects me after putting me on hold three times. I call back and get “Joyce” who also keeps putting me on hold, then tells me I have to call another number. I ask for a refund. She puts me on hold for about 5 minutes, comes back and says it’s being processed.
I open the TM console to see what’s going on now, click around and it says it’s activated. No doubt I’ll have to jump through more hoops to actually get a refund.
It’s impossible for me to tell if the problem is with TM or Digital River. I suspect both from all the complaints I’ve read on the Internet. This is absolute nonsense.
For now I will order a boxed Norton set from Amazon to try to avoid Digital River. it is unfathomable to me, with all the problems there are with Digital River, that software companies continue to do business with them.