Is Malware Targeting Norton???

I am just making an observation: every system I have disinfected in the last two months (more than 20) have all been running some flavor of Norton.

Is anyone aware of current malware that is targeting systems with Norton on them??

 

Norton is very popular, especially among business computers (nice targets for malware.) While Norton isn't necessarily being exploited you can bet that malware authors make sure their payloads bypass Norton's protections before releasing it.

That... and I've never been too impressed with Norton's protection.

 

No more than any other AV. It doesn't help if Norton flavours were old or not regularly updated.

 

Yes, most of the infected machines were running 2010 and 2011 versions of Norton. Several, however, are running various 2012 flavors....

 

Hi kdcdq,

Thanks for pointing this out. What kinds of threats are you finding on these machines ?

Thanks,

Shane.

 

I found various forms of adware, spyware, viruses, trojans, and one rootkit on the infected machines. No one machine had more than five infections. Fortunately all of the machines are now malware free (so we hope)...

 

Unfortunately an antivirus alone (Norton nowadays is among the best available) is not enough, another layer is absolutely necessary to have some peace of mind.

 

Yeh i used to get so many activities in history with alone Norton AV & winxp firewall.
Since i installed private firewall, no more activities!!!

 

Nonsense. This might have been true years ago when AV's were strictly that. But today they have all sorts of systems to combat all kind sof malware and this just doesn't apply anymore.

 

There is no need to patch OS, no need to secure browser, no need to not click on any link. AV will protect against all. Layers are so last year.

 

What I believe RejZoR meant is that these "AVs" (which are actually more or less suites) already contain multiple layers nowadays. Sure, there's other things that are useful to do too like keeping your OS up to date, but you don't necessarily need other 3rd-party protection software with one of the most efficient suites.

 

except when removing malware that sneaked in.

 

Not even, if you use certain security tools. They do it for you.
But I agree that piling security tools one on top of the other (layered protection) is helping more the security companies than the user. Just use one good tool and master it, its all what you need.

 

As in in addition to whatever suite used Otherwise, when talking about layers it is not 2, 3 or more security software that is meant as a layer (security software is but one layer)

 

To each its own, I believe that years ago one could do with only an AV, nowadays all my computers have sandboxing and virtualization, the antivirus has a relative importance in my security. Norton has had so far excellent results in almost every test, still they cannot guarantee 100% security, and neither Avast can for that matter.

 

Something will always sneak past something. Do you really want 15 anti-malware tools on your system?

Using an AV with good track record, patched OS and up to date browser are imo enough to keep 99% of ppl perfectly safe.

I usually just run Norton Power Eraser or Comodo Killswitch/Autoruns to quickly checkup my systems. But they never found anything that avast! didn't. And i can say similar thing for other products like AVIRA, AVG or MSE...

@Osaban
And what can guarantee 100% protection? There is no such thing as 100% protection. Not in computer world or anywhere else.

 

My main security suite is Chrome + Sandboxie + Rollback Rx. Do you really think NIS or Avast Internet Security can beat that? I repeat to each its own.

 

I am curious. What did you use for cleaning the Malware? Antivirus Live CD, MBAM, SAS, Emsisoft Emergency Kit, etc.

 

I dont think malware is targeting norton. Norton is just used alot. when people think of antivirus software most will think of norton and mcafee.

I would be interested to know which versions of norton where installed on the machines you cleaned and if they were up to date and in subscription period.

 

Yeap, correct in an ideal world of informed users. Unfortunately this is translated (for the majority of the users out there, not wilders) in to piling up overlapping tools with overall negative effects on protection.

Keep the system and its components updated (including simply not stopping automatic updates as often happens in many PCs), LUA, well managed/kept single security suites (the majority of them already including several advance protection mechanisms such as sanboxing, heuristics, backup, firewall, hips and emergency recovery tools) and user education are much more effective than running multiple tools. Just another type of layered approach, better tuned to the users out there.

Going back to the post, Norton is not more vulnerable but just more used. And I am sure going back to those infected PCs you will see that aside Norton not being updated there will be other problems at the level of OS or the applications used or the careless of the user.

 

I used MBAM, SAS, Spybot, DrWeb CureIt, Comodo Cleaning Essentials, Hitman Pro, and Norton Power Eraser to clean the infected systems..

 

In practicality and user friendliness, yes, every time. If sandboxing and system backup would be the magic bullet, everyone would be using it. But this just isn't the case, don't you think? Not everyone are willing to geek around manual sandboxes. Some just want to work and be automatically protected at the same time.

 

Yeh. So True
In January i was infected by a trojan-downloader .
I scanned it with Bitdefender (6/6 in repair in AV-TEST)
Norton. Yeh Yeh norton!!!
Avira......
Malwarebytes.......
Bootable Avira-GDATA-Bitdefender-AVG
at the end of the scan, it said TR-Downloader is deleted
YOUR SYSTEM IS SECURE
MY A$$
after 10 min. Avira-Bitdefender started detecting sality, trojan again....
The only thing that worked for me was Formating the system partition.
i wish i had tested Hitman PRO at that time!!!

 

You see the beauty is that what I'm using as a suite is not even anti-malware per se (I would have thought you knew the difference between instant system restore and backup, perhaps that's too geeky).

Everyone is not using it only because it is more profitable to charge people every year rather than once, AVs are the biggest rip off ever created as far as the Internet is concerned, and that is the only reason most people are lead to believe that an AV is all they need, marketing, aggressive marketing.

As for your user friendliness, I see it more as user blindness which inevitably leads to multiple infections. Haven't you read the first post on this thread?

 

The reasons not all use your solution is that they are unfortunately not fully user friendly and needs some actions and understanding from the users side. This will create nightmares on novice and casual users (most out there). Kids want to play games and to do so you may need to tune up some protection components outside the sandbox or user Y want to print and it fails so because its need to add a specific registry into the exclusion... and so on...

May be it will come a day in which users could make use of this tools with little if no knowledge. Unfortunately, so far, this is a niche market. You have even some major security company removing sandboxing components from their security tools.

So, to each its own...