Are Antivirus Software Companies Compromised?


posted on May, 14 2019 @ 08:56 AM
link   
The following is a redacted copy of what I wrote and submitted to one of our Mr Federal Agencies yesterday.



I bought xxx Security Deluxe by xxx from Sam's Club on 13May2019. I was on Mozilla Firefox and went onto the xxx log in page for xxx.com/setup as per instructions. When I went to type in the 25 Alpha-Numeric Product Key I noticed that their web page did not automatically insert the dash between the five sets of five numbers. I inserted the [4] dashes manually. I hit enter but a screen popped up saying that what I bought from Sam's Club was not Registered? So I called the phone number on the web page; 888-414-1764 @3:13PM on 13May19. Michael answered and asked my permission to remote access my computer. I thought that was odd but I allowed it via some Microsoft remote connection. However once in I noticed that he started to look for MS Notepad which I had previously deleted from the Windows 10 system. Another screen then opened up and Michael verbally requested that I fill the form which wanted my xxx password along to what I thought he said was my social security number. BEEP BEEP BEEP big RED flag so I then began bitching at him as all of the information he is looking for is already on xxx site [less SSA card] as I am already registered with xxx. At that point I physically removed my Internet cable from the computer and Michael abruptly hung up the phone. I then called xxx internal Security in California to which I stated the above. XXX assigned case #38715XXX to me and he said "that whoever it was they were trying to scam you". OK, like no kidding but you’re an Antivirus software company and others with criminal intent already have mirrored your setup page and your company can’t shut that down? Also my primary question to xxx Security was that is 888-414-1764 an actual xxx company number. He never really answered that question and suggested that it may be a 3rd party subcontractor for xxx.


Huh? So my complaint to Mr. Federal Agency of United States of America is that an antivirus security provider has been compromised by others mirroring their setup page and they really didn't seem to take my concern seriously. That or the guy was trained to make it sound like just another day in paradise. It could also be a rogue employee within xxx doing this. I then did the exact sequence via Internet Explorer and all worked fine and the form populated the dashes. I am up and running so this issue seems embedded within Mozilla Firefox.


Yes I also wonder about Mozilla Firefox as PayPal also has criminal entities mirroring their site. At least they admitted it and took immediate action. They were excellent. I also wonder if the XXX guy in Corporate Security is actually them. Well time to spend some money and go VPN as Windows 10 won’t allow me to install the TOR browser, oh by the way.

I also read this article today which is a different subject but sort of the same end game here:

splinknews.com...

Actually another OP wrote this back in the day over 10 years ago:

www.abovetopsecret.com...

I really feel for the older generation as it's getting to the point that we can’t tell fact from fiction, up versus down and on and on and on.

edit on 14-5-2019 by Waterglass because: typos

edit on 14-5-2019 by Waterglass because: typo



posted on May, 14 2019 @ 09:10 AM
link   
The only times I've ever gotten computer viruses were immediately after installing antivirus software.

I haven't used it in almost 20 years and have been virus-free ever since.

The antivirus companies are writing the viruses and then selling you their own cure.
edit on 5/14/19 by NthOther because: (no reason given)



posted on May, 14 2019 @ 09:23 AM
link   
a reply to: NthOther




The only times I've ever gotten computer viruses were immediately after installing antivirus software.

There are no words in the English dictionary (and most likely a French dictionary as well) that I can put together in a sentence to describe that post
Words fail me...
You win the Internet of the Day Award
At least in my book


edit on 5/14/19 by Gothmog because: (no reason given)



posted on May, 14 2019 @ 09:36 AM
link   
a reply to: Waterglass

Just get a good, free Internet Security Suite
Malwarebytes or Comodo, etc.
Windows Defender comes with Windows 10 and is really good now, with a very small footprint

edit on 5/14/19 by Gothmog because: (no reason given)



posted on May, 14 2019 @ 10:03 AM
link   
It's the classic "create a problem to sell the solution".



posted on May, 14 2019 @ 10:17 AM
link   
a reply to: Waterglass

I don't see much in your story saying a company is compromised. I would never pay for antivirus software.



posted on May, 14 2019 @ 10:17 AM
link   
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond

Yes. Yes, they are compromised!


A report last week about Fxmsp hacker group claiming access to the networks and source code of three antivirus companies with offices in the U.S. generated from alleged victims statements that are disputed by the firm that sounded the alarm.



posted on May, 14 2019 @ 12:56 PM
link   
a reply to: ManFromEurope

That's a doozy alright, I read it 2 days ago. Apparently they (group goes by the name 'Fxmsp') got access to unprotected(!) external remote desktop connections and open(!) active directory.
They've been offering since March on the darkweb, for the low low price of only $300,000 in bitcoin of course, access to the source code and other data of roughly 30TB and, to add the cherry on top, access to their LAN.

This is quite embarrassing, those that are supposed to be the experts at security fail this hard.



posted on May, 14 2019 @ 03:08 PM
link   
a reply to: Waterglass

Yes, for the past 10 years at least. It's a huge multi-billion industry. Symantec was one of the first to be compromised by a particular alphabet agency.



posted on May, 14 2019 @ 03:39 PM
link   
a reply to: EndtheMadnessNow

all the anti-virus entities are in Collusion with malware dispensers... It is their reason for existing--- to know your competition is a requirement...
if you're not of like mind with me ...then You are not a CT driven person

You will then be UnMasked and ridiculed day-&-night for trying to pass yourself off as an Actual, ConspiracyTheorist



posted on May, 15 2019 @ 07:47 PM
link   
a reply to: Waterglass
Sam's Club shouldn't be selling fake anti-virus but it's a big problem on the internet.

Some supposedly trustworthy names like McAfee and Norton are supposed to make good products but I've had issues with one of them. McAfee has a blog entry about the fake anti-virus scams out there, reposting a bit here to give you an idea but follow the link to read the whole thing:

What is Fake Antivirus Software?

Most of you know how important it is to have security software on your computers to stay protected from viruses, malware, spam and other Internet threats. Unfortunately, cybercriminals also know that it is critical to have security software, and they are using this knowledge to trick us into downloading fake antivirus software that is designed to do harm to your computer.

Fake antivirus software is one of the most persistent threats on the Internet today. It masquerades as legitimate software, but is actually a malicious program that extorts money from you to “fix” your computer. And often, this new “antivirus” program disables your legitimate security software that you already have, making it challenging to remove.

These rogue programs often hook you while you’re browsing the web by displaying a popup window that warns the user that their computer may be infected. Often, the popup includes a link to download security software that offers to solve the problem, or redirects you to a site that sells the fake antivirus software. It is also often called scareware since the hackers use messages like “You have a virus,” as a way to get you to click on their message.


I honestly don't know what happened in your specific case but I agree there's no legitimate reason to ask for a social security number, so you're right that's a huge red flag.



posted on May, 16 2019 @ 05:34 AM
link   
a reply to: Arbitrageur


I am fine with Sam's. My issue is Norton. Since I have a Norton account I could simply buy their software for another year over their own web site. Actually much lower cost than Sam's. I didn't do that because I wondered a couple of years ago whether Norton's web page was actually theirs so I buy the box at Sam's so I don't have to give up my credit card. Now I am also wondering about Firefox. So now Norton admits that someone was trying to scam me via a mirrored web page. OK, so why don't you Norton guys do something about it, as it only happened while on Mozilla Firefox. This will be my last year with Norton. I will take the other OP's suggestion and go with Malwarebytes or other.



posted on May, 17 2019 @ 08:03 PM
link   
a reply to: Waterglass
I read the link ManFromEurope posted and Norton aka Symantec denies they were impacted and the research firm agrees there's no evidence for that, unlike for the other two companies TrendMicro and McAfee.

www.bleepingcomputer.com...

"Symantec is aware of recent claims that a number of US-based antivirus companies have been breached. We have been in contact with researchers at AdvIntel, who confirmed that Symantec (Norton) has not been impacted. We do not believe there is reason for our customers to be concerned."

A statement we received from AdvIntel agrees with Symantec's comment, noting that more proof was required in order to conclude that an unauthorized entity was indeed present on Symantec's network.

"AdvIntel works directly with Symantec to mitigate the risk. Even though Fxmsp collective claimed that the company is in the victim list, they have not provided any sufficient evidence to support this allegation. We believe with a high degree of confidence that Symantec's assessment of risks and their statement that "there is no reason for our [Symantec] customers to be concerned currently" is correct."


One reason they were able to get into I think McAfee was they used one of McAfee's own products, I think it was called Teamview, which was a legitimate app McAfee had which is why it didn't set off any intrusion alarms or malware alerts. I don't know if Norton/Symantec has a comparable product but that teamview entry was pretty specific to McAfee.

I'm not a fan of Norton/Symantec mind you so I'm not so much trying to defend them as to just make sure you know what the article really said. I suppose it's possible they really were impacted but the hacker just never posted good evidence for that like he posted for the other two companies.



posted on May, 17 2019 @ 11:51 PM
link   

originally posted by: NthOther
The only times I've ever gotten computer viruses were immediately after installing antivirus software.

I haven't used it in almost 20 years and have been virus-free ever since.

The antivirus companies are writing the viruses and then selling you their own cure.


Ohhh boy you have no idea. There are people out there that love people like you.
No need for an antivirus provider to write malicious software, there are plenty of people out there willing to do it as a learning exercise or just for the lulz.

If you're connected to the internet without any form of protection then you're likely #ed in more ways than one.



