SCI: Tech Fears Arise Over Norton and Pifts.exe

I got rid of Norton off of all of my comps a couple years ago. I only used to use them till I found out how much they were slowing down my computers. It has been known in the underground that Norton already writes their own viruses and spreads them so people will sign up for their service. Im nearly 100% positive they do work hand in hand with the Federal Government on issues so this being some sort of spy software or tracking software would not surprise me at all.

reply to post by PammyK


That was probably antivirus xp 2008 or antivirus xp 2009. If you go to www.malwarebytes.org... and get the free anti-malwarebytes program it will remove that, and all of the other things the 49$ bought you.

Hope this helps.
..Ex

reply to post by notreallyalive


I wrote an email to them as above earlier in this thread.

They confirmed it is legitimate and in the download when they replied to me, they will be making a statement shortly.

[edit on 10-3-2009 by XXXN3O]

I just had to get in on this!


My email to '[email protected]', '[email protected]'

There has been a lot of discussion lately across the internet about pifts.exe being a backdoor propagated by your parent company (Symantec). Several tech people I know have evaluated this executable and found it sends private information to your company’s servers.

I would like an official comment from your company, before I remove all Symantec products from my company’s systems and cancel all contracts with Symantec on the basis of contract and privacy violations.

I am in the office today until 6pm EST. Below is my personal 800 number that comes directly to my desk.

I'll let you know if/when I get a response.

They'll probably come out and say it was all an "exercise", and that they released a harmless file in an update to track how malicious rumours and heresay propagate on the web.

One big cover up! earlier on google i was getting decent information from searching google! now they are removing search results... This thread was third and now its not even showing!!!

Originally posted by tommyboy1981
One big cover up! earlier on google i was getting decent information from searching google! now they are removing search results... This thread was third and now its not even showing!!!

They can run...
but they can't hide!
ATS is watching them - watching.

Update, 12:46 p.m. ET: The bad guys know that people are interested in this search term, and appear to have latched on to it already. I'd advise readers to be extremely careful about randomly clicking on every link returned in a Web search for "pifts.exe": Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them. Both results take you to sites that use Javascript attacks to try and foist rogue antivirus products (ah, the irony).

voices.washingtonpost.com...

washington post has the story.

edit: also something to consider.

If it's proved that this does indeed violate their own terms of service, why can't everyone using it file a class action law suit. Which, aside from examining the file directly myself, most sources say it does.

hurt them where it counts, their wallet.

edit 2: community.norton.com...

seems like they missed a thread, its been up for a while now. is this directly related? I've not read alot on magic lantern, and what I have read suggests that its a data mining software used by agencies in the US, fbi, or cia.

heres the text of the thread in case it gets deleted.

I have a question concerning to a matter of privacy. I want to know officially if NIS09 detects and block/remove Magic Lantern and other "specially" spyware like this, that are illegal in my country due to laws of data protection and privacy. . I know this is an old topic, but I until 2008 he used a different brand of security software, and I want to know where they stand on whether NIS09 it really protect. I lives in Spain, is any difference in policy directives if NIS09 is registered and used in Europe? Thanks in advance. Real time: NIS 2009 v16.2.0.7 On demand: Malwarebites Anti-malware

what I've read about magic lantern, also suggests what the above post suggests, norton is making their software intentionally not detect this magic lantern spyware, probably on behalf of the government.

[edit on 10-3-2009 by djzombie]

always knew these AV companies had something sinister about them

I found this at theinquirer

www.theinquirer.net...

The panic probably isn't being helped by the fact that one possible acronym for PIFT is Protocol Interbank File Transfer!

Could this be it?

Peace!

If it was just Symantec, and Swapdrive, then ok.
But the Arlington PO BOX, and Maryland address, is a little weird.

SwapDrive, Inc.
1313 F Street, NW
Fourth Floor
Washington, DC 20004
Tel: 202-393-9900

Symantec
20330 Stevens Creek Blvd
Cupertino, CA 95014
US

Webdatagroup LLC
PO BOX 7241
ARLINGTON, VA 22207-0241
US

4705 DeRussey Pkwy
Chevy Chase, Maryland
This address, is residential housing, and just sold homes for 1.9 million+.
It is right next to a country club.

Swapdrive is located like a mile from the whitehouse.
Thats fairly convenient don't you think
[atsimg]http://files.abovetopsecret.com/images/member/05a8c57d682c.jpg[/atsimg]


[edit on 10-3-2009 by CaptainCaveMan]

Just out of interest Edward A Mueller the chairman of QWest is also linked to these guys Mckessen

According to Forbes he's a director.

Mckesson wiki

previous mckesson ATS mention here 2nd post down.


Dunno if this is all connected...but still interesting.

reply to post by tommyboy1981


Yeah, i bet he uses his own custom built one that actually blocks viruses(lol pun intended)

Yea, there is some strange stuff happening to computers these days... but nothing that unusual. we are getting some pretty nasty bugs that contain Chinese Characters (which, I can not read)... Norton and Mcafee are untrustworthy in my opinion. and yes, you guys are on to something//

Pif I think is a DOS batch sort of file TS probably means Tough Shi^.

If this is valid then someone could be accessing Bios systems since they are the only systems left that use direct code such as a PIF.

hope my 2cents points you where you need to look....

next opportunity according my schedule is May 3rd. should I pencil in a research session... ?

We are currently working on the WTC7 collapse model data...

If I had to venture a guess as to what is going on, I would say that this is a simple statistics collecting app which Symantec included in an update without being prepared for a negative community/user reaction. They ought to have a statement about the file released very soon.

Right now one of the biggest threats to cyber security is botnets and associated id theft. Botnets are spreading rapidly and conventional AV scanners seem rather inepts at detection. It is possible (but pure speculation on my part) that the data this utility is collecting is rootkit or botnet 'fingerprints'.

The problem is that it does not look like Symantec included the requisite 'opt in' for this type of program behavior. I have not used this product in ages, so unless the main product installer had such 'opt in' language such as
"This product may send data back to Symantec in order to better identify new risks bla bla bla, please check here if you would like to disable this feature bla bla bla" then the update should have.

It will be a PR nightmare for Symantec if this is the case because customers will no longer trust them.

I doubt there is any sinister side to this app. The URLs resolving to the DC area is just because that is where swapdrive servers are located. For those who don't know, Symantec is famous for purchasing other technologies/companies and then eventually ruining them by making them bloated and buggy. They acquired swapdrive recently.

If the govt wanted to spy on bad guys, they would infect popular hacking tools instead of Norton. What advanced hacker or id theft ring would use Norton?? None.
So, why in the world would gov't care about aunt betty's doll collection? They don't.

I am inclined to believe that this is just a mistake by Symantec. Either a product not intended for release got accidentally included in an update package or the product is sending environmental data without asking for user consent.

reply to post by nydsdan


www.swapdrive.com...

True, swap drive has been bought by symantec.

Might also explain why the traces ends with Qwest. Due to the fact SwapDrive is a high security storage system.

[edit on 10-3-2009 by Cyberzone]

I found this on the norton site. I searched with no .exe extention. I wonder if it's the same file?

community.norton.com...

Originally posted by kuhl
Just out of interest Edward A Mueller the chairman of QWest is also linked to these guys Mckessen

According to Forbes he's a director.

Mckesson wiki

previous mckesson ATS mention here 2nd post down.


Dunno if this is all connected...but still interesting.

McKesson is currently working on implementing an EMR healthcare system in my area to integrate and share all healthcare data between facilities as well as delivery of all pharmaceuticals.

The problem is not symantec or swapdrive.
The problem is the COO Ronald Schumann and CTO Marc Wallace of symantec.
Its like they are running there own little side business.
Which could be involved in selling peoples information to the pentagon.
This could be why, there was no announcement.
Perhaps the CEO and board, doesn't even know.
Both these guys have long military involvement and history's in electronic intelligence.
But mostly Schumann.
I wouldn't trust him.

Originally posted by MajesticJax
I just had to get in on this!


My email to '[email protected]', '[email protected]'

There has been a lot of discussion lately across the internet about pifts.exe being a backdoor propagated by your parent company (Symantec). Several tech people I know have evaluated this executable and found it sends private information to your company’s servers.

I would like an official comment from your company, before I remove all Symantec products from my company’s systems and cancel all contracts with Symantec on the basis of contract and privacy violations.

I am in the office today until 6pm EST. Below is my personal 800 number that comes directly to my desk.

I'll let you know if/when I get a response.

UPDATE:

My email was read so Swapdrive/Symantec has it:

Read: Future Business Eric Lindbom [[email protected]] Tue 3/10/2009 2:06 PM

Will keep you posted.