Symantec has filed suit against an alleged software piracy ring that’s been in operation in North America since late 2003, the software vendor claims.

The lawsuit, filed last month in US District Court in Los Angeles seeks more than $15 million in damages from a network of US and Canadian businesses that are alleged to have sold counterfeit versions of Symantec's products, including Norton AntiVirus, pcAnywhere and Veritas Backup Exec.

Symantec said these companies and their affiliates run a global counterfeit organisation that focuses on the US and Canada.

The businesses, which operated under eight different names, including Sili, Advanced Sales Productivity Solutions and GT Micro, used spam and online advertising to offer Symantec's software at cut-rate prices, said Cris Paden, a Symantec spokesman.

Customers who paid for the software would then be sent disks with Symantec's logo, wrapped in plain white sleeves. The disks, which came without documentation, would not install or work properly and could also include malicious software that would then be used to steal sensitive information from the purchaser's computer, Paden said.

Symantec began investigating the matter in early 2004, when it started receiving complaints from customers who had bought the software, Paden added. "The people who bought these disks thinking they were from Symantec would come to our customer service," he said.

One of the Sili websites named in Symantec's complaint,, offers $6-per-user volume licensing deals on Symantec's Norton AntiVirus 2006. The product typically sells for about $20.'s website also offers software from McAfee, Intuit, Corel and Webroot, among others. Sili representatives could not be reached immediately for comment.

Customers who are worried that they may be buying pirate software online should make sure they are actually giving their credit-card information over a secure website, Paden said. That means that when they are asked to enter a credit-card number, the web address should begin with https://, and there should be a locked padlock displayed near the address to indicate that the browser is visiting a secure site.

"That's the smoking gun as to whether you're dealing with a legitimate outfit or not," Paden said. "99 percent of the time these guys don't use this."