Virus conspiracy

Please tell me if this is done already, this is my first thread in the UL section and I feel like maybe I have something new.

This is a post I found on another forum I'm on, and I looked around, but it seems that everything about it just happened today.

To me, this is quite important. To both users and non-users of Norton Antivirus software. Recently a few of you may have had a popup saying that 'pifts.exe' wants to access the internet and asks for your permission.

Pifts.exe seems to be attempting to contact a server in Africa and so far it is known that it reads and records your internet browsing history. When Symantec customers posted on the forums asking about it the posts were removed and the users were banned. Banning their own customers is a little strange, just what are they trying to cover up?

Virtually no information is available on pifts.exe on the internet and when something appears the website is immediatly removed. Even Digg went down for several hours for posting about it. Furthermore, when I run a Google search for 'pifts.exe' it says there are around 300,000 results but the search has been tampered with as only two pages show.

A few moments ago the Symantec website went down for 'maintanence' and when it came back up all of the pifts posts were removed and the word 'pifts' was banned from the website.

Also, one person contributed this:

PIFTS

Public Internet and File Tracking System

It goes offshore because there's no law forbidding sending it to foreign governments. If governments want to spy on their own citizens, it is normal for them to have foreigners do it in order to get around normal restrictions about spying on their own people.

This is why there have been reports of the file sending data to Africa.

[Ana Ng]

HowStuffWorks and The Register are covering it, but no conclusions have really been made yet. Symantec's stance is, indeed, very odd here.

ETA: I wonder what the "popular urban myths site" mentioned in one of the articles is?

The thing I don't get is there's no evidence that the threads were deleted, and users were banned.

It's like me saying that Snopes won't cover the puppies-in-a-blanket myth, and that all threads started about it got deleted and all users who talked about it were banned.

It also seems that all the information on the different sites is all the same.

[Notebook]

I've been sort of keeping up with this since I heard about it this morning. I've been mostly reading up on this thread about it.

http://www.abovetopsecret.com/forum/thread444230/pg1

Yes, I realize that the topic is on a conspiracy theory board [and the layout of the board is a bit hard to navigate through], but it actually seems like there are some people posting there who have a good head on their shoulders [at least in the beginning anyway]. So far, there hasn't been any solid answers on just what the heck is going on, though it appears that certain individuals seemed to have spammed the official Norton forums to the point where they had to shut it down, though as I type this the boards are back up.

The only thing I can really get from all of this is that someone really NFBSKed up somewhere.

ETA: In regards to the deletion of the posts about the file, it seemed like there was one or two posts about it before it got spammed, so at the very least, someone noticed it before then.

[Nick Theodorakis]

Quote:

Originally Posted by AniMajor

The thing I don't get is there's no evidence that the threads were deleted, and users were banned.
...

This article has a screen shot showing evidence of a deleted post.

Nick

Nick, I see what you mean. I'm still not sure it's some vast conspiracy, though.

[CannonFodder]

Quote:

Originally Posted by AniMajor

Nick, I see what you mean. I'm still not sure it's some vast conspiracy, though.

It may not be a vast conspiracy, but if Symantec is somehow spying on their users it would be something they'd try to conceal. Their brand is already somewhat embattled.

[Notebook]

The thread I linked to has images to how Norton's message board looked earlier today--a whole lot of pifts. I think the main reason [or excuse depending on your view] why any messages involving pifts.exe gets deleted now is due to the spammers causing havoc. Granted, that doesn't exactly explain why the original posts mention in the TweakTown article, which were apparently a genuine question about something, were deleted though.

For some strange reason, I'm getting deja vu vibes here.

[Nick Theodorakis]

Quote:

Originally Posted by AniMajor

Nick, I see what you mean. I'm still not sure it's some vast conspiracy, though.

The file is real enough. One of the articles I've seen suggested it was a mistake that Symantec made in not properly identifying the file as one that would need to access the internet and that's why it got flagged.

BTW, there are reports that the bad guys are now putting up pages linking the phrase "pifts.exe" to malware, so be careful of what you click.

Nick

[quiltsbypam]

Quote:

Originally Posted by Ana Ng

HowStuffWorks and The Register are covering it, but no conclusions have really been made yet. Symantec's stance is, indeed, very odd here.

ETA: I wonder what the "popular urban myths site" mentioned in one of the articles is?

As an aside, I believe the How Stuff Works article linked to is written by our own MacHeath. (I could be wrong, of course; I often am)

[jimmy101_again]

Anybody a member of the Symantec forum? What happens if you post about "pifts"?

[ElectricBarbarella]

I have often said I refuse to trust or use Norton or Macafee... good thing I kept with that. I've used AVG Free for a number of years now and never have I had a problem.

Aww...the conspiracy is over. Norton product patch "PIFTS.exe" and Norton Users Forum

Apparently, Pifts was just a patch, and some confused user asked about it, but then the thread was invaded by a bunch of people with new accounts posting crap:

Quote:

There has been activity in the Norton User Forum related to PIFTS.exe which has generated additional concern and media speculation. At approximately 10:30pmET Monday March 9, Symantec detected that our User Forum boards were being abused by an individual or individuals. One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec. Below are some examples of the forum spam we received from these new user accounts. These forum posts contained no text in the body of the message, simply a subject:

* O LAWD IM CHOKIN ON PIFTS PLZ HALP
* OH GOD YOU GOT CHOCOLATE IN MY PIFTS
* If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
* IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
* PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
* I LOVE MY PIFTS.EXE

[Troberg]

It's not the first time Symantec has effed up:

http://blogs.zdnet.com/Spyware/?p=747
http://www.politechbot.com/p-02851.html

Not to mention their totally horrific user interface and system resource waste. That is reason enough to boycott them, especially as there are better and cheaper (even free) alternatives.