It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
SCI: Tech Fears Arise Over Norton and Pifts.exe
page: 23share:
reply to post by Zepherian
All right... Most of you guys are already there.
You've only got to get one more detail thru your thick skulls...
If you spam your OWN boards... And in your 'official' responses FOCUS ON THAT... Then you have a faite accompli effective coverup.
It's all about post facto misdirection/redirection...
You dig?
(Come on... You can do it. )
What do you need big guy...
A signed confession by the CEO of Symantec?
That would work, unless he resides in Guantanamo...
All right... Most of you guys are already there.
You've only got to get one more detail thru your thick skulls...
If you spam your OWN boards... And in your 'official' responses FOCUS ON THAT... Then you have a faite accompli effective coverup.
It's all about post facto misdirection/redirection...
You dig?
(Come on... You can do it. )
I love how the article on pc world doesn't even touch upon the real issue most people have with pifts.exe
reply to post by golemina
What in the earth are you talking about? I have no idea what that post is trying to say, either about me or about the issue in hand.
Some clarification please, as this post is totally out of context with the thread and apparently gibberish.
What in the earth are you talking about? I have no idea what that post is trying to say, either about me or about the issue in hand.
Some clarification please, as this post is totally out of context with the thread and apparently gibberish.
I used Norton for less than a week. Its such a resource hog! And its absolutely horrible trying to full remove the damn thing!
djzombie -> It has happend before and will happend again. Trend Micro did it in 2005, and Norton in 2009. Errors do happen.
Ive been reading on this topic ALL day on different forums, and still dont know what to think of it.
Trend Micro - Computerworld
Id like to think that it will become this major new topic, but im thinking this isnt all that big at all.
Symantec deleting posts - Well it got out of hand, and they just wanted to clean it up and everyone went nuts, i followed the thread on 4chan before it got deleted, and they started to plan an "attack" on the symantec forum, getting as many as possible to make accounts and start making threads about this pifts.exe
Like many others have said, wait it out and see what happens. people should be able to find somekind of information now, giving them an idea of whats going on, and deny it from getting access to the internet till further notice.
Ive been reading on this topic ALL day on different forums, and still dont know what to think of it.
Trend Micro - Computerworld
Id like to think that it will become this major new topic, but im thinking this isnt all that big at all.
Symantec deleting posts - Well it got out of hand, and they just wanted to clean it up and everyone went nuts, i followed the thread on 4chan before it got deleted, and they started to plan an "attack" on the symantec forum, getting as many as possible to make accounts and start making threads about this pifts.exe
Like many others have said, wait it out and see what happens. people should be able to find somekind of information now, giving them an idea of whats going on, and deny it from getting access to the internet till further notice.
reply to post by Zepherian
Your request for more specificity... lacks the necessary specificity.
(Idioms... So literal. They are a blessing and a curse. )
I'd tell you to reread the thread... But at 23 pages and counting, I'm not that much of a sadist.
My basic theme is the crime fits the personality.
Point to the part that confuses you.
PS. Like WAITING is going to shed any light. The only piece missing is a disassembly of the actual code. There is so much filler in a WinBlows exe that there isn't really a lot of code to dissect...
[edit on 10-3-2009 by golemina]
What in the earth are you talking about? I have no idea what that post is trying to say, either about me or about the issue in hand.
Some clarification please, as this post is totally out of context with the thread and apparently gibberish.
Your request for more specificity... lacks the necessary specificity.
(Idioms... So literal. They are a blessing and a curse. )
I'd tell you to reread the thread... But at 23 pages and counting, I'm not that much of a sadist.
My basic theme is the crime fits the personality.
Point to the part that confuses you.
PS. Like WAITING is going to shed any light. The only piece missing is a disassembly of the actual code. There is so much filler in a WinBlows exe that there isn't really a lot of code to dissect...
[edit on 10-3-2009 by golemina]
SOP in software security is to protect your customers by keeping silent, until you have a fix. You do not publicize the problem till you can defend
against it. Otherwise you are telling all the bad guys about an opportunity to roll your customers.
Silence from software security types should not be assumed to be guilt.
They may be unable to speak without jeopardizing customer security.
It is possible and a frequent occurance.
Silence from software security types should not be assumed to be guilt.
They may be unable to speak without jeopardizing customer security.
It is possible and a frequent occurance.
I like how now the official line is "well 4chan raided us and so we had to delete everything" when they knew full well that legitimate threads were
being removed long before /b/ got hold of it.
In all seriousness it wouldnt be too difficult to fake a lot those Anon posts either just to get the ball rolling, kind of like the police plants you always find at peacefull protests who start hurling rocks at the police to give them an excuse to wade in with horses and batons.
In all seriousness it wouldnt be too difficult to fake a lot those Anon posts either just to get the ball rolling, kind of like the police plants you always find at peacefull protests who start hurling rocks at the police to give them an excuse to wade in with horses and batons.
reply to post by Cyberbian
In this case the actions of the file in question speaks volumes about their silence. It is fishier than the Tsukiji fish market in Tokyo..
They are having an 'ooooooh $%t we dropped the ball' moment, and are trying to formulate a response. Kinda like NIST and the 9/11 lie.
In this case the actions of the file in question speaks volumes about their silence. It is fishier than the Tsukiji fish market in Tokyo..
They are having an 'ooooooh $%t we dropped the ball' moment, and are trying to formulate a response. Kinda like NIST and the 9/11 lie.
Someone with norton do a virus scan after they block PIFTS.EXE to see what happens. Might see something interesting pop up that Norton was previously
letting through
Originally posted by GhostR1der
there is no need for that program pifts.exe to contact that particular server, collaborate data and the various changes it makes.
that's actually an excellent technical point. When a security program acts like spyware, why the HECK would anyone want it? It's a resource hog, we all know that, and here they go adding another do-dad who's purpose MIGHT be a lot of things, but none of them seem to be providing end user security.
Poster from /g/ who asked for /x/'s help here.
Poster from /g/ who asked for /x/'s help here.
Fascinating, they call it a simple update? It is not.
The program analyzed:
anubis.iseclab.org...
It clearly goes through and scrapes your history, temp files, cookies, etc, and it tries to contact a shady online storage place they recently acquired. Let's do a lookup on swapdrive! 67.134.208.160:80 is where PIFTS.exe asks to connect to.
Domain Name: SWAPDRIVE.COM
Administrative Contact:
Wallace, Marc
Web Data Group, LC
Poster from /g/ who asked for /x/'s help here.
Fascinating, they call it a simple update? It is not.
The program analyzed:
anubis.iseclab.org...
It clearly goes through and scrapes your history, temp files, cookies, etc, and it tries to contact a shady online storage place they recently acquired. Let's do a lookup on swapdrive! 67.134.208.160:80 is where PIFTS.exe asks to connect to.
Domain Name: SWAPDRIVE.COM
Administrative Contact:
Wallace, Marc
Web Data Group, LC
Originally posted by MoothyKnight
Someone with norton do a virus scan after they block PIFTS.EXE to see what happens. Might see something interesting pop up that Norton was previously letting through
Ive got Norton 360 on 3 of my 5 machines, two of which run my online radio stations and not a single one of them have this pifts garbage everyone is talking about.
My machines with Norton updated this morning and no popups came up asking to allow this file access.
I just ran a virus scan on all 3 as you requested, nothing.
I am behind 5 hardware firewalls and two of those are industrial type routers, so nothing can come in or go out unless I specify it can.
I suspect that maybe there is alot of people going to sites they shouldnt be and ending up with this exe because of such surfing activity?
All quiet here, all clean here.
Cheers!!!!
Unfortunately this did not post correctly when I posted it and the Majority of it did not show up when I posted it.... Coincidence? so I deleted the
whole thing
-Kdial1
[edit on 10-3-2009 by kdial1]
-Kdial1
[edit on 10-3-2009 by kdial1]
Originally posted by fooffstarr
reply to post by RFBurns
That is because you have Nortons 360.
It only affects 2006/2007.
Thats good. So if everyone who is crying wolf would update their Norton then there would be no huff and puff and blow the house down scenario.
So why all the fuss over this by users of other AV programs?
Just to ride the tide and enjoy the glide?
Well its been an interesting event to watch anyway. Almost like watching a pack of bugs scattering when the light comes on!!
Cheers!!!!
reply to post by Cyberbian
I think you're mixing up the words silence and silencing. They're not only not saying anything, they're stopping US from saying anything.
I think you're mixing up the words silence and silencing. They're not only not saying anything, they're stopping US from saying anything.
It is important that we get this information out to everyone out there we know if in fact this is being used for intelligence gathering. This would
be the biggest conspiracy and biggest form of the federal government gone rampant ever. I urge everyone to research as much as possible on this and
do not let them cover this up with a cover story. Get to the bottom of this right now. I had a longer post I wrote 5 minutes earlier than this one
but unfortunately it was deleted and or did not post correctly.
Keep up the good work everyone, it is up to us to uncover this. The MSM will have no part of this. I pray for United States of America and all of her citizens.
DON'T TREAD ON ME!!
-Kdial1
Keep up the good work everyone, it is up to us to uncover this. The MSM will have no part of this. I pray for United States of America and all of her citizens.
DON'T TREAD ON ME!!
-Kdial1
God i cant believe nones are finding that really scary
that update is is looking for your internet history and NONES are finding it scary, it contact a shady military stuff and NONES cares
i posted a tracert map with the destiantion route and NONES said anythings
like "oh ok its cool guys , Symantec is (snip) us in the (snip) , how fun!"
(ha finally some peoples are wakin up)
[edit on 10-3-2009 by OTTOKARMA]
Mod Edit: Profanity/Circumvention Of Censors – Please Review This Link.
[edit on 10-3-2009 by asala]
Click on " Competitive intelligence." Interesting! They talk about military intelligence gathering right on the page. So this "update" is scraping internet history and temp data and trying to contact a company who does online storage with shady ties to intelligence gathering. If it is datamining, Americans need not be surprised, we had AT&T do it on our phones and some act as if our computers are immune. Hey, let's look more into one of the owners of Swapdrive in the Web Data Group! There are more interesting people than Marc Wallace.
that update is is looking for your internet history and NONES are finding it scary, it contact a shady military stuff and NONES cares
i posted a tracert map with the destiantion route and NONES said anythings
like "oh ok its cool guys , Symantec is (snip) us in the (snip) , how fun!"
(ha finally some peoples are wakin up)
[edit on 10-3-2009 by OTTOKARMA]
Mod Edit: Profanity/Circumvention Of Censors – Please Review This Link.
[edit on 10-3-2009 by asala]
The previous post about the file padding is incorrect, what it shows is the program at sometime gets passed to UpdateResource, presumably something in
the file changes. Possibly depending on local language settings etc.
If you want a read up on why it has PADDINGXX, look here:
www.codeproject.com...
I have a copy of the program now so I will look at what it does exactly tomorrow.
Looking at the site posted earlier that shows registry, file access etc. That is not necessarily norton accessing those files. That could be performed by other libraries that the file needs to open a network connection to send it's data back to the stats.norton.com. I guess those sites list those file accesses as they are listing everything that gets accessed while the sample.exe process is live.
If you want a read up on why it has PADDINGXX, look here:
www.codeproject.com...
I have a copy of the program now so I will look at what it does exactly tomorrow.
Looking at the site posted earlier that shows registry, file access etc. That is not necessarily norton accessing those files. That could be performed by other libraries that the file needs to open a network connection to send it's data back to the stats.norton.com. I guess those sites list those file accesses as they are listing everything that gets accessed while the sample.exe process is live.
new topics
-
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 3 hours ago -
Electrical tricks for saving money
Education and Media: 6 hours ago -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 8 hours ago -
Sunak spinning the sickness figures
Other Current Events: 8 hours ago -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 8 hours ago -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 10 hours ago
top topics
-
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News: 8 hours ago, 9 flags -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest: 12 hours ago, 8 flags -
Electrical tricks for saving money
Education and Media: 6 hours ago, 4 flags -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three: 16 hours ago, 3 flags -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues: 8 hours ago, 3 flags -
Sunak spinning the sickness figures
Other Current Events: 8 hours ago, 3 flags -
Late Night with the Devil - a really good unusual modern horror film.
Movies: 10 hours ago, 2 flags -
The Good News According to Jesus - Episode 1
Religion, Faith, And Theology: 14 hours ago, 1 flags -
God's Righteousness is Greater than Our Wrath
Religion, Faith, And Theology: 3 hours ago, 0 flags
active topics
-
How ageing is" immune deficiency"
Medical Issues & Conspiracies • 34 • : angelchemuel -
Nearly 70% Of Americans Want Talks To End War In Ukraine
Political Issues • 13 • : Freeborn -
Mood Music Part VI
Music • 3101 • : ThatSmellsStrange -
VP's Secret Service agent brawls with other agents at Andrews
Mainstream News • 41 • : ThatSmellsStrange -
HORRIBLE !! Russian Soldier Drinking Own Urine To Survive In Battle
World War Three • 32 • : DaRAGE -
New whistleblower Jason Sands speaks on Twitter Spaces last night.
Aliens and UFOs • 55 • : baablacksheep1 -
Cats Used as Live Bait to Train Ferocious Pitbulls in Illegal NYC Dogfighting
Social Issues and Civil Unrest • 20 • : Asher47 -
Electrical tricks for saving money
Education and Media • 4 • : Lumenari -
DONALD J. TRUMP - 2024 Candidate for President - His Communications to Americans and the World.
2024 Elections • 514 • : WeMustCare -
The Acronym Game .. Pt.3
General Chit Chat • 7744 • : bally001