Symantec partner caught running tech support scam

Brazen scheme charged consumers five times the list price for Norton security software; Symantec has terminated the partnership

Tech support scammers are known for their cheek -- making unfounded claims that PCs are infected to scare consumers into parting with their money -- but a Symantec partner took nerve to a new level, a security company claimed last week.

According to San Jose, Calif.-based Malwarebytes, Silurian Tech Support ran a scam in which its employees, who billed themselves as support technicians, used obscure but harmless entries in Windows' Event Viewer and Task Manager to claim that a PC had been overwhelmed by malware, then leveraged those bogus threats to sell overpriced copies of Symantec's Norton security software and an annual contract for follow-up phone support.

That tactic was a hoary one, often deployed by technical support scammers. So was the resulting outrageously-priced software and "support."

What was unusual about the scam was that the original bait for the scheme -- a browser pop-up -- was designed to look like an alert from Symantec's Norton Antivirus, including displaying the product's logo. More importantly, the scammer was an active Symantec partner, as Malwarebytes' senior security researcher Jerome Segura pointed out in a blog post last week.

Although tech support scammers frequently claim affiliations with the companies whose products they abuse in their cold calls and scary online pop-ups, it's rare that an actual partner with an established relationship dare pull such stunts.

Last year, for example, Microsoft sued Customer Focus Services, alleging that a web of the California company's sites -- including, and -- shilled phony Windows support and tried to look legitimate by displaying Microsoft logos on its website. But Consumer Focus was not a Microsoft partner.

As part of a settlement Microsoft reached with Consumer Focus in December, a federal court slapped an injunction on the latter, forbidding it to use Microsoft's trademarks.

Symantec confirmed today that Silurian was a partner. "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian," wrote Noah Edwardsen, a Symantec spokesman, in an email reply to questions.

As Edwardsen said -- and Segura noted last week -- Silurian's website was offline. Cached copies of the site, however, remained available from both Google and Bing. Those cached pages trumpeted pricey phone support for Microsoft's free Web-based email service, Hotmail ($200 for 6 months) and spelled out a refund policy that stated a customer would receive no refund, for any reason, if Silurian had resolved one or more issues previously.

Silurian's prices for its Norton Antivirus pitch were scandalous: $199 for a one-time problem fix and remote installation of the software, or $249 for a one-year support plan, including Norton Antivirus.

At list price, Norton Standard Security for Windows -- which includes antivirus protection -- currently costs $40 for a one-year subscription, or $80 for two years. As part of a subscription, Symantec offers live-chat or telephone-based support.

Join the CSO newsletter!

Error: Please check your email address.

Tags Microsoft

More about GoogleHotmailMalwarebytesMicrosoftNortonSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place