Norton AntiVirus Gaming Edition is no longer available

In the old days, practicing “safe Internet” meant staying in the good online neighborhoods so you didn’t get infected. Today, almost any website you visit could be a landmine leading you to having your system compromised.

Recent reports from SANS Internet Storm Center and The Register detail millions of potentially infected mainstream websites including news media, retail shopping, hobby forums, gaming, banking, popular social networks, education, government, travel and vacation sites. In July 2008, Websense reported that “60 percent of the top 100 most popular Web sites either hosted malicious content or contained a masked redirect“. The truth is mainstream websites are being compromised and are subjecting consumers to drive-by downloads on a daily basis.

Today I Googled Final Fantasy and clicked on the top search result which turned out to be a web site called “thefinalfantasy”. I was immediately hit with a malicious drive-by download attack. Lucky for me, I’m a security nerd and I work for Symantec so I was running Norton. Here’s a screen shot of details on the drive-by download that was blocked.

The what and the how of a drive-by download
So what is a drive-by download? Wikipedia defines it as a “Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user.” No user interaction is required. You don’t have to click on anything, open up a file, or send any information. Simply navigate to an infected site, and it’s “game over”. Your system has been compromised! Bad guys can install anything on your system – fake antivirus products to trick you out of money to remove viruses you don’t have, keyloggers to steal your banking and credit card information, and bots to have your system be used to compromise other sites.

Hackers are using automated tools to infect thousands of websites at one time using techniques such as SQL injection to insert any code they want on those sites. It can be as simple as adding one line of code to a website saying “send any users who visit goodsite to my badsite hosting malicious attack software” Your system is then attacked by just by visiting the goodsite. If your system is running a vulnerable browser, ActiveX control, or application such as a multimedia application, then the badsite could add the malware to your system. The key take away is that the threat landscape has changed considerably in the past few years, and the security software on your system needs to change with it. Simply put, not all antivirus and security products are equal in the ways they protect you.

New protection is required
Protection from today’s threats requires newer proactive protection technologies to address what traditional signature based approaches can’t. Symantec added new protection technologies to Norton to provide additional protection against browser vulnerabilities, vulnerable ActiveX controls and multimedia application vulnerabilities.

Last summer Symantec commissioned Cascadia Labs to look at the effectiveness of leading paid consumer security products in protecting against today’s real world attacks. Cascadia conducted an independent test using the same methods by which malicious websites attack users PCs and also visited live malicious websites with the security products installed to protect them. The results show that Symantec’s Norton Internet Security 2008 provided almost perfect protection – the highest of any other tested product. Cascadia's full report can be found here: http://cascadialabs.com/clients.html

In the meantime, here are a few tips to protect yourself:

• Keep your Operating System, applications, browser and associated plug-ins patched and up to date.
• It still pays to be discerning with which websites you visit, links you click on and applications that you install, even if it’s not a bullet proof defense.
• Run a top rated security suite known for having leading technologies to keep you ahead of today’s threats. Norton 2008 and 2009 have Browser Protection technology built-in to protect against drive-by downloads and other Internet nasties — great incentive for current Norton users to update to the latest versions at no additional cost as part of their subscription!
• Keep a valid subscription to keep security updates coming

"Mom, can we get this new game for my PSP? It's totally awesome; I played it at Justin's house and it was so cool? Please oh please??"

Does that scenario sound at all familiar? You are in the mall, in Toys 'R Us or your local big box retailer and your previously sullen and mopey pre-teen child has suddenly sprung to life. Depending on your personal view about spending money on new game titles when it's not a birthday or gift-giving holiday, let's just assume that it's not the money you are concerned about. It's trying to know whether or not the new game is appropriate for your family environment and your child's age and maturity. Are you going to get this new game home and suddenly realize it has foul language or excessive violence? As the song in "Enchanted" says, "how do you know?"

Despite the widely recognized value of the ESRB ratings, most parents fail to understand their meaning or to use them consistently. And even the valuable ratings don't provide enough information at the point of purchase to truly empower the parent. That's why I want you to know about some great resources from GamerDad, Andrew Bub, who has been writing about games and kids for over 4 years. The site I found him on, http://www.whattheyplay.com/, is perfect for looking up a particular title and getting a detailed review, from a parent's perspective.

What's truly great about these sites is that they are written from a pro-gamer perspective. You won't find here the ranting paranoia of certain sectors that insist all games are bad. However, there is recognition that some games are not appropriate for younger children, or that some titles are too easy to keep your child's attention long. A recent question from a parent was about how to select game titles for their 15 year old with Down's Syndrome. Parents in the community with similarly abled children posted their own recommendations - what a great service!

OK, so the next time your child mentions a new game they simply have to have, visit whattheyplay.com (with or without your child) and read the review. And then, make sure once you purchase a new title that you sit with your child, and ask about the game. Watch them play and have them show you how the game works. It's a fantastic bonding opportunity, whether you pick up the remote or not.

Happy Gaming!

It is surely of no surprise that not only banks are targeted by phishing attacks, but nearly anything that can be scammed. We already commented on the rise in attacks targeting virtual worlds and especially massively multiplayer online role-playing games (MMORPGs) in earlier posts. The growing market for virtual currency and player accounts does attract new scammers. It’s the nature of things that if something becomes popular to use, it will also become popular to attack.

There was no exclamation of surprise then (a.k.a. Wow!) when I saw the latest phishing email for World of Warcraft. In general, it attempted to get a reaction from me by telling me that my account was temporarily suspended and that I need to log in to verify my details. Well actually, I would rather not log in to unlock my account but hey, it’s their story, not mine.

If you were to follow the masked link you would end up at a spoofed site: http://wow-europe.good*******.eu/servicehttps3A2F2Fwwwwoweuropecom2Faccount2F.html

The page asks you for your password. If you actually read the text you will notice that the scammer even left the phishing warning intact, which tells you that you should make sure that you are on a page that starts with „httpS://www.worldofwarcraft.com/“. Clearly this condition is not met on this fake site. On the other hand, we all know that users are having problems reading and identifying URLs correctly.

The page is made to appear quite convincing, which is not that surprising because they just copied everything and used direct linking to all the original images. So let's say you just woke up and didn’t notice the glitch in the URL and therefore logged in. You would be taken to a Web site that asks you for even more personal information. After you give all those away as well, including the answer to your secret question, you will be redirected to the official WoW main page. All the while, your account is scheduled for infiltration so all of your gold and items can be stolen by the scammer.

If you follow some simple rules then you should not fall victim to dumpy phishing attacks such as these. Always make sure you are on the official site when you log in. Blizzard's account security information found here sums it up as follows:

The vast majority of account compromises originate from one of three sources:

1. "Spoof" Web sites and emails
2. Downloading hacks, cheats, or other executable content
3. Sharing account information and/or using power-leveling services