PIFTS.exe

[SuperJesus]

To high and tired to make more research, this s the jist of it. Any feedback?

http://encyclopediadramatica.com/PIFTS.exe

[Tecnos]

This is Symantecs response to the debacle:

http://community.norton.com/norton/b...9119&jump=true

Symantec released a diagnostic patch "PIFTS.exe" targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 - 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue.



There has been activity in the Norton User Forum related to PIFTS.exe which has generated additional concern and media speculation. At approximately 10:30pmET Monday March 9, Symantec detected that our User Forum boards were being abused by an individual or individuals. One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec. Below are some examples of the forum spam we received from these new user accounts. These forum posts contained no text in the body of the message, simply a subject:



* O LAWD IM CHOKIN ON PIFTS PLZ HALP
* OH GOD YOU GOT CHOCOLATE IN MY PIFTS
* If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
* IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
* PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
* I LOVE MY PIFTS.EXE


Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines. Upon determining that our User Forums were being abused, Symantec began removing the spam posts.



Finally, it has also been reported by the Washington Post that hackers are taking advantage of this situation. "Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them." When searching for information on "pifts.exe," Symantec strongly advises all users to be wary of following links to unknown sites as malicious users are attempting to use this hot topic to distribute malware.
Message Edited by davecole on 03-10-2009 12:45 P

[Truthed]

Quote:

The file, called Pifts.exe, requests permission to dial out to the internet. But users of Symantec’s Norton Internet Protection software have found it almost impossible to find more information about the file’s origins and purpose, and the situation has led to a rash of rumours on online message boards about the true purpose of the file.
Security experts, however, believe the file is innocuous and does not pose a threat to internet users.

Many users first became aware of the file on Monday, when their internet protection software popped up a warning that Pifts.exe was trying to access the internet. The location of the file pointed to a non-existent folder within the user’s Symantec LiveUpdate library.
Further investigation by some Norton users suggested that the file attempted to dial out to Norton servers in Africa, while others wildly speculated that “Pifts” stood for Public Internet File Tracking system, and was a sinister attempt to monitor users’ online behaviour.
The rumours were further fanned by Symantec’s apparent decision to delete threads related to the issue from its user support forum, leading some web users to suggest a cover-up by the software company.
But security experts have said that early indications show the file is not malicious and is related to Norton’s security products. It has a build date of March 5, suggesting it has only just been created, said Graham Cluley, a security expert with Sophos.
“Pifts attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters,” he wrote on his blog.
“We feel fairly comfortable in debunking the internet rumours claiming that Pifts might be a rootkit [a tool used by hackers] or a government-sponsored backdoor to spy on the masses.
“We think it’s more likely that Symantec’s programmers simply forgot to properly tag the file as having permissions to perform its functions. Indeed, a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff, rather than a sinister plot against Norton users.
“Our guess is that Pifts is some kind of feedback component designed to gather statistics about Symantec’s products, or an auto-update component.”
A spokesman for Symantec said the company was trying to get to the bottom of the issue, and would issue a statement shortly.

SOURCE

[Tecnos]

Quote:

Originally Posted by tecnos

this is symantecs response to the debacle:

http://community.norton.com/norton/b...9119&jump=true

AS ABOVE!

From Dave Cole - Senior Director of Product Management Consumer Products and Solutions (Symantec)

Pretty much constitutes a response and statement from Symantec.