Stolen security logos used to falsely endorse PUPs

Stolen security logos used to falsely endorse PUPs

To gain the trust of users, many websites and companies feature the logos of reputable firms who endorse their products. Unfortunately, some unseemly companies do the same, using logos of companies who have not, in fact, endorsed their product in order to trick people into thinking that what they are about to install is legitimate. Potentially Unwanted Programs (PUPs) are masters in this trade of building false trust.

Gold Partner Tuneup

The most popular logos to used by criminals achieve this false trustworthiness are:

  • McAfee SECURE
  • Norton Secured Seal
  • Microsoft Partner Network/Microsoft Technologies

Below is an example of a website that has all three of them, so it must be the safest site imaginable. (Wrong.)

fake online scanner

In fact, it is a fake online scanner that will try to scare you into thinking that your computer is infected with some nasty viruses and that their solution can take care of it. Actually, they will try to sell you a PUP like Master PC Cleaner that will inform you about even more problems with your system. To compound matters, they’ll then offer to help you get rid of them—for a price. Should you need assistance, many of these so-called “system optimizers” are not afraid to get involved in tech support scams either. Their support numbers are displayed prominently in their GUI.

So how do programs that can scam people out of money in three different ways get these badges of authentication on their sites? Likely, they are used without authorization. In fact, it is no harder than copying one of these logos from a Google image search and inserting the image onto the site.

What do these logos actually mean?

First of all, if the logos are used without authorization, they mean nothing. Nada. Niente. Putting a picture on a website does not change the way the site or product it offers behaves.

But even if the logos are real and authorized, they may not mean what you think they mean. To help suss out whether a site is trustworthy or not, it’s not a bad idea to learn what these logos actually stand for.


The McAfee SECURE logo is free for websites with up to 500 visitors per month. If you find the real logo on a site, it will be visible as a small “M” in the bottom right-hand corner. You can expand that logo to read about what it means.

McAfee logo check

In a nutshell, a McAfee SECURE logo indicates the following:

  • There is no malware hosted or linked to on the site.
  • The site has a valid SSL certificate, which means traffic to and from is encrypted.
  • There is no phishing detected.

Which is all well and good. It means the website has been checked for all these points, but it doesn’t mean that the product advertised on the site is endorsed by McAfee. And if you see the logo displayed without an option to see the number of reviews, chances are high that the site owner just pasted that image on their site and didn’t actually earn in. As was the case for our fake online scanner.

Norton Secured Seal

The Norton Secured Seal is included at no cost with all Symantec certificates. If installed on a website not using a Symantec certificate, the seal will not display. Please note that this doesn’t mean it will stop someone from using an unauthorized image on their site. But again, even if the seal is real, it doesn’t mean the product advertised on the site is secure. It just tells us the site has a Symantec SSL certificate.

Microsoft Partner Network

The Microsoft Partner Network (MPN) is designed to help qualified technology companies build, sell, provide, service, and support solutions for their customers with Microsoft technologies. To qualify for the MPN, a technology company must sell or provide more than 75 percent of its IT solutions and services, or derive 75 percent or more of its total revenue through the external monetization of their intellectual property solution(s) to unaffiliated third parties. Nothing in the MPN agreement restricts a company from working with and using non‑Microsoft technologies.

Basically, companies pay a fee for which they get Microsoft tools, training, and software in return—and the right to display a Microsoft partner logo on their product and site. The only “check” that Microsoft performs for the exchange of their tools and logo (that I could find) is to verify that partners derive 75 percent of their business from third parties (non-affiliates). That could be anyone. And it doesn’t guarantee the safety of the products sold on the site.

How can I check the authenticity of the logo?

If you see a McAfee SECURE or Norton Secured Seal on a website, you can check to see if they are real by clicking on the logo. The real logos are clickable and include additional information about their meaning. Fake McAfee and Norton logos will not be clickable or might include incomplete information.

The Microsoft Partner Network is searchable, but unfortunately knowing the name of the product alone is not always enough to find out if that company is a legitimate partner. And the name of the product is not necessarily the same as the name of the company.


As we have learned, it is easy to abuse logos of trust on websites, who use them to fake the appearance of an endorsement of a product or site. It’s also easy to confuse those logos, even when used legitimately, for a blanket statement on the security of the product or site. And since most fraudulent companies change names and sites almost as often as their socks, they don’t care if someone finds out.

That means the best thing you can do to guarantee a safe online purchase or surfing experience is to never assume that a logo automatically makes a site legitimate. Put on your cynical caps, take a closer look, and remember that if it seems too good to be true, it probably is.

Be careful out there!


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.