It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Originally posted by golemina
Has anyone posted a binary image of the EXE in question.
Yes, see page one. I have verified that the MD5 checksum in the RAR linked there matches the checksum in Symantec's post.
Originally posted by eonpeon
PIFTS = Personal Information File Transfer System...?
There you go! The clue is in the acronym!
Originally posted by ANNED
Or do i have to worry in the future about some government agency getting a list of all the web sites i go to and knocking at my door.
here it is from page 1 of this thread
Originally posted by choujeap
Somebody over at /g/ managed to finally track down the actual executable and all of its creepy files.
I present to you, Pifts.exe.
Scanned by Spybot, MBAM and McAfee-- it's "clean", but I wouldn't go opening that .exe just yet.
Open them up as .txt and look through them-- there's evidence in the .pf that it's doing something with the Internet Temporary Files, the History, and, for some reason, Google.
All the strings in the .exe for your perusal.
I personally have no idea how they're thinking it's contacting Africa-- the two IP addresses given by the Tech blog don't resolve to it in any way, just Washington Swapdrive and Microsoft Search Companion.
Originally posted by Ian McLean
Interesting string from PIFTS.EXE:
Bad Symantec Update Leads to Trouble
Robert McMillan, IDG News Service
Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.
Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe. "In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a forum post explaining the problem
"Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about PIFTS.exe," wrote one poster to the Abovetopsecret.com Web site. "If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall."
Hi everyone, No doubt you've read the Official Statement about PIFTS.EXE and the reasons why many posts were removed from this forum. There was no "conspiracy" or "cover-up" - someone was spamming our forums, and we took action to remove these posts. As it increased over a few hours, many threads were removed, and several users were denied access to post in the forums. We were gathering information to distribute, and I'm sorry it took this long to post the info to everyone.
Originally posted by deviantillusionz
I immediately started checking my updates and logs. But it was not there. I wonder if it was sent out on all versions of Norton? I read earlier on Wilders Security that they were pretty sure it was included in updates for Norton 2006 and 2007 products, but wasn't certain.