Here is an update from Norton: http://tinyurl.com/d5ef7s It was all a big misunderstanding...
"Hi everyone, Symantec released a diagnostic patch "PIFTS.exe" targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 - 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue. There has been activity in the Norton User Forum related to PIFTS.exe which has generated additional concern and media speculation. At approximately 10:30pmET Monday March 9, Symantec detected that our User Forum boards were being abused by an individual or individuals. One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec. Below are some examples of the forum spam we received from these new user accounts. These forum posts contained no text in the body of the message, simply a subject: * O LAWD IM CHOKIN ON PIFTS PLZ HALP * OH GOD YOU GOT CHOCOLATE IN MY PIFTS * If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E * IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE? * PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE * I LOVE MY PIFTS.EXE Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines. Upon determining that our User Forums were being abused, Symantec began removing the spam posts. Finally, it has also been reported by the Washington Post that hackers are taking advantage of this situation. "Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them." When searching for information on "pifts.exe," Symantec strongly advises all users to be wary of following links to unknown sites as malicious users are attempting to use this hot topic to distribute malware. The spammers also chose to use the comment area on my blog. I was very reluctant to turn comments off this morning but when the number of comments grew to over 100 and began to include profanity and sexual material, it was time to take action. (We have to keep this site family friendly!)" Message Edited by davecole on 03-10-2009 12:45 PM "I assure you we will be turning commenting back on but will continue to monitor any possible future signs of abuse, in accordance with our forum terms of service. I apologize for any inconvenience this situation may have caused." marianmerritt "Just want to add additional comment here because of the inquiries we've seen coming in to the forum. There's been speculation that PIFTS.exe is sending information to a server in Africa, which is untrue. The servers used by PIFTS.exe are located at a SwapDrive facility in North America. Symantec completed the acquisition of SwapDrive in June 2008, so these are indeed Symantec servers. Also, PIFTS.exe does not collect or send any of our users' personal information. We will be posting a technical write-up to the forum soon with further details on the data PIFTS.exe collects. Tony Weiss Norton Forums Administrator Symantec Corporation " Richard P. > From The Washington Post: > > http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************