In a tale with enough twists to satisfy even a Sherlock Holmes fan, Malwarebytes discovered a tech support scam run by a member of Symantec's partner programme that not only sells its victims unnecessary tech support services, but also legitimate Norton products.
Jerome Segura, a senior security researcher for Malwarebytes, notified Symantec earlier this month that one of the security company's certified resellers, Silurian Tech Support, was also running a scam using a fake Norton Anti Virus pop-up warning as bait to lure its victims.
Silurian would send out fake pop ups stating “System Critically Infected” and to call the number on the ad. When they would call the “tech support” person would say their computer needed work and would sell them a support plan. Next they would try and sell one of the legitimate Symantec products that Silurian was authorised to distribute.
“These companies are trying to be legit, but are shady on the side,” Segura told SCMagazine.com.
Separating the victims from their money is only one aspect of the scam. As part of his investigation Segura called the number and found the Silurian staffer asked permission to remote into his computer. When allowed to do so he saw code being uploaded and some documents being removed from the computer.
Malwarebytes was able to nail Silurian Tech Support by finding a person's name on the scam website that was also listed as a Silurian employee, which was confirmed by doing a search for the person on LinkedIn, Segura said, adding that the site also contained many Silurian documents. Once this was done Segura checked with Symantec and that company confirmed that it did have a deal with Silurian.
Double dipping on both the legal and illegal sides of the business is nothing new with Segura pointing out that Malwarebytes found itself involved in a similar scam with one of its authorised resellers last year.
“This affects Symantec's brand. It's a victim, as well,” he said, adding that most companies have a large number of resellers and it is very difficult to vet them all properly.
Silurian's website was taken down right after Malwarebytes informed Symantec of the scam and Symantec told SCMagazine.com in an email that it is continuing to look into the issue.UPDATED: Symantec told SCMagazine.com in an email Thursday that it was not certain who conducted the scam, but it was terminating its partner agreement with Silurian.