Is Norton Anti-virus Spyware? ATOT Effect May Be Needed.

Toggle sidebar Toggle sidebar
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
We all know Norton AV is a resource hog, but what many of us may not be aware of is that Norton may also be Adware/Spyware.. See the edvidence I have gathered and judge for yourself.

Exhibit A

Exhibit B- TCP/IP Packet Details


I need the ATOT effect to help investagate this further.
 
T

The Batt?sai

Diamond Member
Jan 18, 2005
5,170
1
0
Originally posted by: Googer
We all know Norton AV is a resource hog, but what many of us may not be aware of is that Norton may also be Adware/Spyware.. See the edvidence I have gathered and judge for yourself.

Exhibit A

Exhibit B- TCP/IP Packet Details


I need the ATOT effect to help investagate this further.
Click to expand...

i just knew that damn norton was too good to be true! ;)

you should rename this thread: "Norton: the new AOL"
 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
Originally posted by: Phil
You'll be wanting to run Ethereal and capture exactly what is being transmitted and received.
Click to expand...

What software might you recommend?
 
I

imported_Phil

Diamond Member
Feb 10, 2001
9,837
0
0
Originally posted by: Googer
Originally posted by: JToxic
Interesting....
Click to expand...

I did find this thread... I might be of interest.

In both cases they are running Norton AV and have popup problems from bannerfarm.ace.advertising.com


http://www.velocityreviews.com/forums/t205027-help-too-many-popups.html
http://forums.techguy.org/security/208019-bannerfarm-ace-advertising-com.html
Click to expand...

I'm not defending Symantec, but both of those are far too much like coincidence. There's no real, hard evidence. I have Symantec Corporate installed, and my firewall's never logged it connecting to bannerfarm.
 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
I have never used Ethereal before, but I will report back the results later on tonight (or Tomorrow).
 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
Originally posted by: Phil
Originally posted by: Googer
http://www.google.com/search?num=100&hl...=norton+spyware+bannerfarm&btnG=Search


ALSO

http://www.google.com/search?num=100&hl...coff=1&q=norton+bannerfarm&btnG=Search
Click to expand...

Again, circumstantial. That lists people that have bannerfarm issues and are running Norton.

http://www.google.com/search?num=100&hl...=mcafee+spyware+bannerfarm&btnG=Search

Pretty much the same thing.
Click to expand...

But Norton is connecting to bannerfarm. The edvidence is right in front of you.
 
J

J0hnny

Platinum Member
Jul 2, 2002
2,366
0
0
Originally posted by: Googer
Originally posted by: Phil
Originally posted by: Googer
http://www.google.com/search?num=100&hl...=norton+spyware+bannerfarm&btnG=Search


ALSO

http://www.google.com/search?num=100&hl...coff=1&q=norton+bannerfarm&btnG=Search
Click to expand...

Again, circumstantial. That lists people that have bannerfarm issues and are running Norton.

http://www.google.com/search?num=100&hl...=mcafee+spyware+bannerfarm&btnG=Search

Pretty much the same thing.
Click to expand...

But Norton is connecting to bannerfarm. The edvidence is right in front of you.
Click to expand...

How do you know Norton isn't compromised?
 
G

GrammatonJP

Golden Member
Feb 16, 2006
1,245
0
0
wow, im using nav, but i got no pop ups.. i guess ill run ethereal to see if im hitting anything....
 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
Originally posted by: J0hnny
Originally posted by: Googer
Originally posted by: Phil
Originally posted by: Googer
http://www.google.com/search?num=100&hl...=norton+spyware+bannerfarm&btnG=Search


ALSO

http://www.google.com/search?num=100&hl...coff=1&q=norton+bannerfarm&btnG=Search
Click to expand...

Again, circumstantial. That lists people that have bannerfarm issues and are running Norton.

http://www.google.com/search?num=100&hl...=mcafee+spyware+bannerfarm&btnG=Search

Pretty much the same thing.
Click to expand...

But Norton is connecting to bannerfarm. The edvidence is right in front of you.
Click to expand...

How do you know Norton isn't compromised?
Click to expand...

I had just installed it and had finished using 6 other AV scanners plus Spybot, adaware, and windows defender.
 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
Originally posted by: SagaLore
Nah, Sygate is giving you the wrong reverse lookup.

24.28.47.203

is owned by:

a205-188-221-46.deploy.akamaitechnologies.net

And akamai technologies is:

http://www.pcreview.co.uk/forums/showpost.php?p=270815&postcount=3

Symantec is just outsourcing their updates to a company that specializes in file distribution.
Click to expand...

That could be, but a day after I posted this a few other norton related files were also trying to connect to several other ad servers (other than bannerfarm). I do not have a screen shot of it.
 
SagaLore

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: Googer
Originally posted by: SagaLore
Nah, Sygate is giving you the wrong reverse lookup.

24.28.47.203

is owned by:

a205-188-221-46.deploy.akamaitechnologies.net

And akamai technologies is:

http://www.pcreview.co.uk/forums/showpost.php?p=270815&postcount=3

Symantec is just outsourcing their updates to a company that specializes in file distribution.
Click to expand...

That could be, but a day after I posted this a few other norton related files were also trying to connect to several other ad servers (other than bannerfarm). I do not have a screen shot of it.
Click to expand...

Give me IP addresses please. :)
 
A

archcommus

Diamond Member
Sep 14, 2003
8,115
0
76
Originally posted by: SagaLore
Originally posted by: Googer
Originally posted by: SagaLore
Nah, Sygate is giving you the wrong reverse lookup.

24.28.47.203

is owned by:

a205-188-221-46.deploy.akamaitechnologies.net

And akamai technologies is:

http://www.pcreview.co.uk/forums/showpost.php?p=270815&postcount=3

Symantec is just outsourcing their updates to a company that specializes in file distribution.
Click to expand...

That could be, but a day after I posted this a few other norton related files were also trying to connect to several other ad servers (other than bannerfarm). I do not have a screen shot of it.
Click to expand...

Give me IP addresses please. :)
Click to expand...
Yes do, I'm interested.

 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
I'd love to give you the IP, but it has been two weeks since I removed norton from my computer.
 
I

Injury

Lifer
Jul 19, 2004
13,066
2
81
Umm... you guys do realize that even AV software can get infected with spyware/malware, right?

Sounds to me like this bannerfarm crap is just a program that specializes in infecting Norton's AV.

I'm not going to say you are all wrong, this COULD be the case, but if it were, within weeks of the release that started it, it would be on every news station in the US.
 
ebaycj

ebaycj

Diamond Member
Mar 9, 2002
5,418
0
0
Also could be a (nearly undetectable) rootkit, that is making a tcp/ip connection, that decided to masquerade itself using the process_id from one of the NAV proggies.

 
Googer

Googer

Lifer
Nov 11, 2004
12,576
7
81
Originally posted by: Injury
Umm... you guys do realize that even AV software can get infected with spyware/malware, right?

Sounds to me like this bannerfarm crap is just a program that specializes in infecting Norton's AV.

I'm not going to say you are all wrong, this COULD be the case, but if it were, within weeks of the release that started it, it would be on every news station in the US.
Click to expand...

Norton was freshly installed on my pc. I ran the program once for a full scan then removed it a day later.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom