"[Monday] evening, on systems with Norton Internet Protection running, users began to see a popup warning about an executable named PIFTS.exe trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder. There were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The initial thread received several thousand views and several pages of replies in a few short hours before being deleted. Several subsequent posts to the Norton forum were deleted much more quickly. These actions — whether actively covering up, or simply not well thought through — have spurred people to begin crafting conspiracy theories about the purposes of this PIFTS program. I for one am blocking the program until more information becomes available."
In the Norton forums the proletariats and admins are erasing and banning people for talking about PIFTS.EXE
I just read (and checked myself) GOOGLE IS FUCKING DELETING PAGES WITH PIFTS! Dammit this has to be something big. I actually trusted Google. I think Norton was going to do this without nobody noticing but somebody made a mistake and now everyone knows.
Lots of users suddenly get a PIFTS.EXE popup warning on their AV's
It tries to connect to a Norton website, and also to an african IP.
Now the really strange things here is, Symantec has been deleting all threads made on their forums about this exe, people just asking what it is and the thread gets deleted.
I don't know much about it yet but i'm trying to gather all the info i can get.
Oh does anyone actually have this file?
Source: Tech-linkblog
Also lots of stuff on google.
Edit:
QUOTE
At zonealarm.org, one person reports talking with various representatives of Symantec for two hours without receiving any answer as to why inquiries posted on the Symantec forums were being deleted. The caller was told that PIFTS.exe is part of Symantec's update installation process, was denied any further information regarding the purpose of the file and was repeatedly transferred to a new representative when asking why inquiries about PIFTS.exe were being deleted from Symantec's forums.
Man; am I ever glad I hopped off of the Norton bandwagon AGES ago.
I want to first send a (I won't lie) half-hearted apology to the admins on these forums for my contribution to the spam. However, you guys brought it on yourself. A simple "Here's what's going on, stop spamming thanks" post would have stopped all of this QUICKLY.
Now, on another note, your extremely haphazard way of handling this has prompted many to disassemble your .exe file and we have noticed a few key problems with it:
1) The file itself is designed specifically to send usage history (In the form of Internet Explorer history files, Temporary Internet Files, and Google Desktop information) to 2 private servers: One owned by Microsoft and the other owned by a Washington-based corporation known as "SwapDrive". This in and of itself is a breach of our privacy and should be explained immediately.
2) An inconsistency I noticed with the .exe in question was the fact that it has a very curious amount of padding. Padding is often used in cracking and hacking to force an .exe file to match the expected size of the program. However, why would you need any kind of padding in an official .exe from Symantec? Also, there's a lot of nonsense strings in the file; anything from the days of the week to the alphabet. Which tells me you're using even MORE padding.
I have Norton. I don't know how to find the EXE. I don't really care, for that matter.
Perfect customer.
[img]http://img219.imageshack.us/img219/3664/legendaryrh6.png[/img]
[size=84]Last edited by Powers Which You Cannot Comprehend on Fri Dec 21, 2012 8:36 pm; edited 1 time in total[/size]
