What is Pifts.exe?

Do you run Norton Antivirus?
 
Monday evening, on systems with Norton Internet Protection running, users began to see a popup warning about an executable named PIFTS.exe trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder.
 
Concerned users turned to the Norton forums with their questions. There were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The initial thread received several thousand views and several pages of replies in a few short hours before being deleted. Several subsequent posts to the Norton forum were deleted much more quickly and users are now getting banned from the forums for any mention of Pifts.
 
This behavior could easily be interpreted as a cover up and has gotten many users more than a little agitated.
 
There's very little info about the behavior of the program other than the fact that it attempts to send info to servers in Africa. A few blogs have started tracking the news (better than I could) such as Bull3t's Blog and Chrysler5thAvenue with updates. News of Pifts.exe has also appeared on The Washington Post, Slashdot and The Inquirer in addition to being submitted to sites like Digg and Reddit. Adding to the mystery, Google Trends' numbers seem to be reset, with Pifts.exe searches skyrocketing and then just disappearing. Note: Google searches for more info are still largely useless and top results are linking to malware sites (likely an automatic response to increased searches).
 
Nothing to worry about? Unwise move by Norton? Security breach? Hoax? I guess we'll have to watch and see...

Comments

Graham Cluley, Sophos's picture
I've published some more information about the PIFTS and Symantec mystery on my blog at sophos.com. Our feeling is that this is more likely to be a cock-up than a conspiracy. Normally something like this has a very down-to-earth explanation. http://www.sophos.com/blogs/gc/g/2009/03/10/mystery-symantec-pifts/ Regards Graham Cluley, senior technology consultant, Sophos PS. I've also taken the liberty of re-using the graphic of ZoneAlarm intercepting PIFTS - I hope that's okay. Let me know if not.
mike's picture
This behavior is completely odd. But just FYI if you do a whois on 67.134.208.160 it comes back to SwapDrive, a company Symantec recently acquired, not a computer in Africa. Just wanted to share that info! Cheers.
Patrick D.'s picture
Have you met my friend, AVG? (http://free.grisoft.com)
Jason's picture
Of course! I'm laughing at all of this BS because I use AVG and Zone Alarm. Norton customers deserve punishment.
u cant hack or nothin, I got norton's picture
Norton is lying. People have asked about PIFTS for months and they've always banned everyone who asked. Only after 4chan got involved did this get attention. PIFTS is a rootkit they use to spy on your computer and give your personal data to google, the US government, and some server in Africa.
Mary's picture

I refuse to install Norton on my computer. It's just as bad as getting a virus. It slows your computer down, has annoying pop-ups, and is impossible to install. Makes me angry just thinking about that POS software.
