Here is an update from Norton: http://tinyurl.com/d5ef7s It was all a
big misunderstanding...

"Hi everyone,

Symantec released a diagnostic patch "PIFTS.exe" targeting Norton
Internet Security and Norton Antivirus 2006 & 2007 users on March 9,
2009. This patch was released for approximately 3 hours (4:30 - 7:40
PM March 9, 2009 Pacific Time). In a case of human error, the patch
was released by Symantec "unsigned", which caused the firewall user
prompt for this file to access the Internet. The firewall alert for
the patch caused understandable concern for users and began to be
reported back to Symantec. Releasing a patch unsigned is an extremely
rare occurrence that does not pose any security issues to our users.
The patch reached a limited number of Norton customers and has
subsequently been pulled from further distribution. Norton users are
fully protected and do not need to take any action as a result of this
issue.

There has been activity in the Norton User Forum related to PIFTS.exe
which has generated additional concern and media speculation.  At
approximately 10:30pmET Monday March 9, Symantec detected that our
User Forum boards were being abused by an individual or individuals.
One individual created a new user account and posted about the name of
the patch executable, PIFTS.exe. Within minutes, several dozen user
accounts were created commenting on the initial thread, and/or
creating new threads on the topic. Over the next few hours, over 200
user accounts were created. Within the first hour there were 600 new
posts on this subject alone. While the intent of the spammer(s)
remains unclear, there were no malicious links and it simply resulted
in a widespread communications challenge for Symantec. Below are some
examples of the forum spam we received from these new user accounts.
These forum posts contained no text in the body of the message, simply
a subject:



    * O LAWD IM CHOKIN ON PIFTS PLZ HALP
    * OH GOD YOU GOT CHOCOLATE IN MY PIFTS
    * If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
    * IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
    * PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
    * I LOVE MY PIFTS.EXE

Symantec strictly adheres to its Norton Community Terms of Service and
does not delete postings unless they are in violation of these
guidelines. Upon determining that our User Forums were being abused,
Symantec began removing the spam posts.

Finally, it has also been reported by the Washington Post that hackers
are taking advantage of this situation. "Some of the top searches
(currently the 3rd and 4th result in a Google search) are Web sites
that try to install malicious software when you visit them." When
searching for information on "pifts.exe," Symantec strongly advises
all users to be wary of following links to unknown sites as malicious
users are attempting to use this hot topic to distribute malware.

The spammers also chose to use the comment area on my blog. I was very
reluctant to turn comments off this morning but when the number of
comments grew to over 100 and began to include profanity and sexual
material, it was time to take action. (We have to keep this site
family friendly!)"
Message Edited by davecole on  03-10-2009 12:45 PM

"I assure you we will be turning commenting back on but will continue
to monitor any possible future signs of abuse, in accordance with our
forum terms of service. I apologize for any inconvenience this
situation may have caused."
marianmerritt
        
"Just want to add additional comment here because of the inquiries
we've seen coming in to the forum.  There's been speculation that
PIFTS.exe is sending information to a server in Africa, which is
untrue. The servers used by PIFTS.exe are located at a SwapDrive
facility in North America. Symantec completed the acquisition of
SwapDrive in June 2008, so these are indeed Symantec servers. Also,
PIFTS.exe does not collect or send any of our users' personal
information.

We will be posting a technical write-up to the forum soon with further
details on the data PIFTS.exe collects.

Tony Weiss
Norton Forums Administrator
Symantec Corporation "

Richard P.

> From The Washington Post:
>
> http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html


*************************************************************************
**  List info, subscription management, list rules, archives, privacy  **
**  policy, calmness, a member map, and more at http://www.cguys.org/  **
*************************************************************************
