SCI: Tech Fears Arise Over Norton and Pifts.exe

reply to post by SiONiX


I completely agree with you.
This story is no where near being debunked. From what I've read the program was included in the last update via the "live update" Norton feature. Which would mean it is indiscriminately being spread across the internet. Maybe in hopes that people will get it on their computers without knowing more about what it really is and what its true purpose is. Especially seeing all the deletions involved with Norton forum threads and even the deletions on yahoo questions... LOL. They want us to be in the dark. At least It definately seems that is the underlying motive behind deleting all the internal threads they can about it..

The guy in my last post sais he talked to tech support and asked them about it but they said it wasn't even on google? That, itself, is a blatant lie. Trying to squeeze answers out of them right now is impossible too. Alot of people have tried.

As per the narcotics forum on ATS, That is currently being discussed internally from what I've been reading.. Especially since they've had 3 or 4 forum violations condoning the use of illegal substances in the first 48 hours of the forum's creation. The last post I read from Skeptic Overlord sais they have taken care of it internally (by banning the members responsible) but that they are currently deciding what coarse to take.

I read that here btw:
www.abovetopsecret.com...

reply to post by pjslug


It's because Gemwolf is in South Africa.

That should solve that

reply to post by pjslug


That's cause they're searching on google.co.za

I think it's about time that whatever all this cross company shenanigans malarkey is about should come out.

There must be a few 'key people' who are undervalued and in the know.

Some more whistleblowing (on top of the genius person who didn't sign it) should come forward.

-m0r

reply to post by pjslug


Because he's from SA?!!!

Check the URL you used, www.google.co.za

too slow! info was already posted

[edit on 3/10/2009 by agent violet]

Originally posted by DJMessiah

I'm thinking a Norton programmer either made a major flub by not adding a certificate to the hidden program, or they knew that the program was malicious and wanted to expose it for others to see, by not adding a certificate.

[edit on Tue Mar 10th 2009 by DJMessiah]

Im seeing your point along the lines with what you said there but if it was released and they knew it was malicious that would be saying that Symnatec is the good guys but just cannot say so as someone has their throats because they have admitted it is a legit update.

Could also mean that some employees disagree with whats going on as well.

Would make an even bigger conspiracy than it already is.


[edit on 10-3-2009 by XXXN3O]

reply to post by BlasteR


That's OT. By mentioning this I just wanted to point out that sticking your head into the sand won't resolve the issue and creates only more outrage, instead the responsible persons have to come out of the dark and handle it properly (as ATS owners did, imho).

*Grabs his nerd-popcorn and awaits next move*

This thread is moving so quickly that I really thought it was only 4 pages long when I posted earlier. Now it is 22~ **I THINK**

I don't think it is debunked yet. So they didn't sign something they meant to sign. So they snuck a program into some of their users and by nature of not signing it, it was caught.

What intrigues me is that someone would SPAM the boards as they did, was this whole episode intentionally designed by someone?

Regardless of coverup or conspiracy, the way the thing WAS USED to spread viruses is quite amazing. It is almost as if it took on a life of it's own...or..my question...was it birthed?

The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution.

Hello hello?
Its been pulled?
Oh noes then why was it there in the first place?
It must have been OOHHHHHH so important.
You mean, the person who was meant to sign it, didn't.
Because they new it was malicious.
And sent it out on purpose unsigned to show people what they are doing.

A diagnostic patch?
For Norton Internet Security and Norton Antivirus 2006 & 2007.
That doesnt even have the swapdrive backup facility.
To send data to swapdrive, that is co run by webdatagroup LLC in Arlington VA?
Complete bs lies from them.

The file actually performs a DNS lookup on the following URL:
stats.norton.com [67.134.208.160]

and attempts to download the following file [no data returned]:

hxxp://stats.norton.com/n/p?module=2667&product=unknown&version=-1&e=-1&f=-1&g=-
1&h=-1&i=0&j=-1


It also creates [later deletes] the following file:

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5E7EYQDH\p[1]

It starts some processes and fiddles with Registry entries as well

reply to post by CaptainCaveMan


Exactly, if it was not malicious why not sign the damn thing and release it in another patch?

Wonder if it will be re-released in the next after it is now pulled.

Damn they must have a headache now

Originally posted by agent violet
Just found this whilst surfing:

www.thetechherald.com...

Norton’s Community Forums were raided by 4Chan, from the online Anonymous community at 4chan.org.

I will be taking all of that with agrain of salt, and keeping the tin hat secure.

Isn't it somehow troubeling that all the "major" tech sites that caught up on this matter now try to debunk it, without further questioning the purposes of the patch. The disassembling clearly showed that it messes with IE cookies (history?) and appearently Google-related stuff, too.

Why is this all swept under the carpet, and all blamed on those all-evil 4chan guys (I'm used to the "4chan did it", but the whole 4chan/"/b" mess was just a symptome for a yet not explained cause...).

reply to post by SiONiX


I was just thinking that this could actually be a false flag with the official shape it is now taking.

The beginning of a deliberate attempt to allow the creation of some more regulation of the internet.

Not that far fetched if you think about it with all the stink this little file has caused.

[edit on 10-3-2009 by XXXN3O]

Reposting image, its self explanating the whole thing, PIFTS. exe is contacting something in Washigton DC and its NOT symantec

I mean , when i resolved the sub-host IP, sonar went poof and just got a .gov adress back ping


the adress scanned is the same as OP posted

Originally posted by wiredamerican
This Pifts.exe seems a bit strange . Take my advice and do not use norton. Norton uses WAY too much system resources.

I would recommend Kaspersky. I have not read one bad thing about it and I looked for weeks to find a good program. Of what I have read, it has a superior ability to detect and remove viruses, spyware, malware...etc and it uses less resources. Also you can even set it to update the definitions every hour and it gives real time protection. I am not a computer specialist, but I did look around for quite some time before my McAfee expired as I was not real happy with that and as everyone here is saying the Norton I had before was a drain on resources.

This reeks of govt rubbish and a coverup from red handed big corp...

I'm one of those guys that can fix just about anything on a computer.... there is no need for that program pifts.exe to contact that particular server, collaborate data and the various changes it makes. To me diagnosing a machine top down for a hidden virus and manually removing it, I would treat it as one with that behavior alone.... it is not a good thing to have.

Problem is your average joe sixpack don't know that norton is rubbish that should not be installed at any time. It comes bundled with so many PCs it is quite hard to get away from.

The fact that they deleted threads asking legit questions prior to 4chan spamming the board means this is stinkier than some fresh buds, and they keep trying to hide it in a cheese grater!

Tsk tsk tsk. Hopefully this will spread even further. Another one to chalk up on the 'waking sheep up' board....


edit: and I'd recommend NOD32. Tiny system footprint (It's not like your PC lugging around an oxen on your back, to use its tail as a fly deterrent), lightning fast scans, picks up more viruses etc etc.

[edit on 10/3/09 by GhostR1der]

Originally posted by golemina
reply to post by Zepherian

 

No, what I said is that untill a definitive account is on the table the conspiracy theory is valid. I'm not saying the the conspiracy is real, it is mearly a framework for investigation.

In short, there is a difference between speculating and knowing. I speculate that the conspiracy is the reality, but I don't know it is at this point. Untill a more solid explanation is on the table my speculation is valid. An opinion is not an account.

What do you need big guy...

A signed confession by the CEO of Symantec?

That would work, unless he resides in Guantanamo...

Hi everyone,

We're working on releasing more information and finding the answers to everyones questions. We're working with the proper teams to get more insight as to what has happened, and what certain things do. We know that this is a big important issue and we're working hard to get the best answer for everyones questions. This will not be something that we will "sweep under the rug" or ignore. Please be assured that we are taking this matter very seriously and will provide everyone with more information once we have it all gathered.

In the meanwhile, please be sure to abide by the Participation Guidelines and Terms of Service. The Administrators and Moderators on the forums primary role is to enforce these guidelines. We will continue to do so even while we are gathering information. Please bear with us while we work to get the answers for everyone as quickly as possible.

Cheers,
Tim Lopez
Norton Forums Administrator
Symantec Corporation

You don't release a patch for an antivirus that millions of people use without knowing what it does first. This reaks of bull#.

community.norton.com...

[edit on 10-3-2009 by djzombie]

I've found this:


Bad Symantec Update Leads to Trouble

Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe.

reply to post by Hellmutt


We are getting some recognition from PC world.

"Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about PIFTS.exe," wrote one poster to the Abovetopsecret.com Web site. "If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall."
Link

-Kdial1

[edit on 10-3-2009 by kdial1]