Is Symantec covering things up?

Actually, I was just looking for a place where I could find this file, but I found a download link. And it’s nice to hear from you too. :wink:

It’ll be interesting to see what this really is… there seem to be many theories about this one, ranging from it being only a part of the Norton updater, while some others even go far enough to say it’s the FBI’s Magic Lantern. 88)

I think it’s either a trojan or a private keylogger from Symantec …

Xan

!ot!
The thing that looks like a cake is a “semla”: a traditional pastry in the Nordic countries… :wink:

I’m still getting surprisingly few Google returns on a search for pifts.exe. In fact, the results are the same as 10 hours ago or so (17 “primary” returns I believe). Are you seeing more search results or what?
I’m following this story, real-time, with some kind of morbid fascination. ;D

67.134.208.160 belongs to SwapDrive, which is a part of Symantec. Port 80 open. >:-D

I just had a phone call from a Symantec employee confirming the program is theirs, part of the update process and not intended to do harm, more to follow, stay tuned.

Source: SANS Internet Storm Center

Shouldn’t their update program be allowed by default? 88)

Mainstream media are starting to pick up on the thing:

http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html

Thanks for asking Xan, but it’s not my birthday… ;D :slight_smile:

Here is Norton’s official response:
http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119&jump=true

I have made a post on it:

Yeah, I know. It is tiny compared to others’, but, well, it’s just a blog. ;D

Wonder when we will hear from Vettech? >:-D haha

That’s what I was thinking. lol

Our beloved Vettetech is spamming Kaspersky’s forum now, by the name of Dieselman (15 posts a day). lol, he’s jumping around like a frog and advertising his setup as usual.

http://forum.kaspersky.com/index.php?showtopic=107770

Kaspersky’s moderator removed my post lol ;D

More…

Symantec update triggers firewall, many wounded
PIFTS.exe conspiracy of its own making

http://www.theinquirer.net/inquirer/news/364/1051364/symantec-update-triggers-firewall-wounded

Later

What does this mean to Symantec? Personally, I’m sure the file itself is most likely what they say it is: a harmless patch (which doesn’t take the fun out of watching conspiracy theories in the making though).

The interesting thing is of course how they handled the whole thing. Deleting lots of legitimate questions on a support forum isn’t quite compatible with user confidence in one’s product. I think they simply panicked. Knowing that “trust” and “confidence” are at the core of running a computer security company, they didn’t want to immediately confess they made a mistake, instead hoping that the issue would blow over.

Which it didn’t, of course. So I think it would be fair to say that Symantec will have a hard time regaining their (for all I know) good reputation, at least short-term. In the long run it probably won’t matter too much, although I can imagine this story being told as an anecdote in future AV/FW product reviews.

In the meantime, let’s hope that upset Norton users take a closer look at Comodo…

Well, I have to agree these guys spamming were funny…

* O LAWD IM CHOKIN ON PIFTS PLZ HALP
* OH GOD YOU GOT CHOCOLATE IN MY PIFTS
* If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
* IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
* PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
* I LOVE MY PIFTS.EXE 
* PIFTS ATE MY BABY
* PIFTS FIXd MY CAR THANK YOU NORTON 
* FRESH PFITS OF BEL-AIR  ;D :D

And similar…

Too bad I did not copy some of them when posted…

+1 :smiley:

Yeah, it got completely ridiculous after a while. I visited Norton’s forums before things got out of hand, and the questions posted then were all perfectly civilized. Yet, Symantec felt it was somehow a good idea to censor all threads regarding the mysterious file.

It was all good entertainment yesterday, watching the snowball growing ever bigger. Almost like a 21st century, digital version of a Greek play or whatever… :slight_smile:

LOL

Well, there was a claim that the file goes into IE temporary files, looks into Google Desktop etc…
What makes me wonder, [and yeah, I am a conspiracy theorist, or more a fan if you like], if it was indeed their file, why was there no digital signature in it? 88)
Also, what does it transmit to SwapDrive? Some people are saying FBI fellas are right next-door to that building… :smiley:
Someone blew up big time!
If they wanted to know how many are using different versions of a software, why not check cd-keys which they require for updates?
I don’t like spying, unless I know about it… :P