SCI: Tech Fears Arise Over Norton and Pifts.exe

reply to post by Strype


Theres a link in this thread somewhere to download PIFTS.exe from MediaFire! Download it an unzip and then you can use Anubis to analyze the file... ANUBIS UNKONWN BINARY ANALYZER

Whoever is linking ATS on the Norton forums, stop.

You're going to bring all of Anon here.

Originally posted by ANNED
WARNING WARNING

Antivirus360 has gotten into the act and if you try to google Pifts.exe you will walk into one of there traps.
www.ripoffreport.com...

You will first get a pop-up for pifts.exe and then get a warning from AV360 that your computer is infected and them trying to sell you there Antivirus.

I believe pitfs.exe is a piece of malware that was seeded on the internet BY AV360 and the seeded a large number of AV companies sites asking about it so that people would go to google looking for information on Pifts,exe and walk right into AV360s trap.

That is why it looks like the Antivirus companies are pulling it from there forums.
What they are doing is banning the poster (shill for AV360)that posted it on there site.
This deletes the subject from there forum.

Yeah, I hit one of these virii via googling "pifts.exe." Both McAfee and Anubis squashed it immediately. Not sure why that's important, but be careful when searching this file. I vouch that virii have been found by just searching for pifts.exe.

Heads up.


- Strype

Originally posted by DJMessiah
Whoever is linking ATS on the Norton forums, stop.

You're going to bring all of Anon here.

someone also posted quote "Gemwolf I'm gonna get you"

not sure if thats how it was said exactly but to the same affect.

reply to post by dankanight13


I take it it's been deleted by now?

Edit:

lol! Gemwolf is gonna get you!

community.norton.com...



Seems like they've given up on deleting the spam...

[edit on 10-3-2009 by Gemwolf]

reply to post by dankanight13


That was me. XD

I was trying to warn whoever is doing it.

It wouldn't surprise me if there was a new virus out there being made with the same name as the file in question.

As for now, I would suggest everyone avoid searching websites for it, until there is an explanation by Norton.

Originally posted by Gemwolf
reply to post by dankanight13

 

I take it it's been deleted by now?

sorry, it was actually "Gemwolf is going to get you"

community.norton.com...

reply to post by dankanight13


Ah, I misread your post.

Yeah, I said "Gemwolf is gonna get you," not "Gemwolf I'm gonna get you."

I would never threaten Gemwolf.

They already deleted the thread.

[edit on Tue Mar 10th 2009 by DJMessiah]

reply to post by DJMessiah


sorry, I misread yours as well.

>.<

[edit on 10-3-2009 by dankanight13]

Originally posted by fooffstarr
reply to post by nikmti

 

Would have to be a hell of a hacker to break an Antivirus company's link to it's software.

They'd go away for years if they were caught.

Unless of course "they" were the boys holding the kite strings of big brother.

ATTENTION:

Although we appreciate the enthusiasm, try not to drag ATS into it...


We don't advocate spamming of other sites, nor do we "boast" about it. I doubt if spamming/upsetting the Norton mods will get any answers (sooner). Should you decide to spam Norton in any case, please don’t bring it over to ATS as board wars are forbidden in the Terms & Conditions Of Use

2g.) Board Wars: You will not use these boards to organize "attacks" on other boards, blogs, or discussion groups, and similarly, you will not organize such attacks against this board. Doing so will result in removal of your post(s) and immediate termination of your account.

Originally posted by tommyboy1981
CONTACTS

stats.norton.com DNS_TYPE_A 67.134.208.160 1

As usual on here doom and gloom! Its for statistical purposes only! No auto runs created or anything. Waste of my time!

Here's something a good friend of mine pointed out:

That IP above resolves to SwapDrive. .. and guess where it's located...?

shmack dab in Wash. D.C.

...

IP address [?]: 67.134.208.160 [Whois] [Reverse IP]
IP address country: United States
IP address state: District of Columbia
IP address city: Washington
IP postcode: 20004
IP address latitude: 38.895401
IP address longitude: -77.029701
ISP of this IP [?]: Qwest Communications
Organization: SWAPDRIVE

Or perhaps the other opinion is right... "a marketing/spam campaign by the wonderful folks at antivirus2009"?

reply to post by pegasi51


Norton could easily blame it on a hacker, if it were their software, and they were found out to have implemented a malware file without the consent of their customers.

If the EU finds out, Norton will be banned and heavily fined.

It appears that the Norton Moderators have given up on banning and deleting posts...(and haven't done anything else to stop them as far as I can tell)

I wonder why.



[edit on 10-3-2009 by dankanight13]

Originally posted by pegasi51

Originally posted by fooffstarr
reply to post by nikmti

 

Would have to be a hell of a hacker to break an Antivirus company's link to it's software.

They'd go away for years if they were caught.

Unless of course "they" were the boys holding the kite strings of big brother.

Yes. As I mentioned in a previous post, the large AV companies are known to actually pay expirienced programmers to "beat" their software. I cannot currently source this information, as if it's not somewhat obvious regardless. I can, however, direct you to my boss who is a former Symantec employee (He was only a network assistant, but I have no reason to doubt what he has told me). U2U me if you'd like to contact him regarding AV companies (at very least, Norton) paying high level programmers to "defeat" their security.


- Strype

reply to post by Strype


It sure beats Microsoft releasing a product after alpha testing, and having the consumers do a live beta test.

The amount of cyber-sabotage that occurs in the business world would surprise many people. Businesses will literally pay hackers to hack their competition, so that consumers will lose trust in that business's product, once the exploit is revealed.

I ran a scan for the exe and nothing came up. I have corporate NAV.

I would never use Google desktop - it would be interesting to see if the exe only showed up in systems running google desktop AND NAV.

reply to post by DJMessiah


Yes. Microsoft is definately a bit loose when it comes to revealing their products.

And you're absolutely correct about the cyber sabotage. The market is enormous and the people involved are ruthless. It becomes even more disturbing knowing that the destructive scripts these people are payed to write will inevitably end up all over the web. It's a virtual plague that will never end.

- Strype

This is baffling.

Not used Norton for many many years - prefer the freebie stuff these days.

I'm gonna go and harrass the IT techs in work and see if they know anything about it.

Anyone any nearer solving this?

I really don't think that the spammers on the symantec boards are helping themselves or the rest of us.

If any ATS'ers are doing this - please don't! it's immature.

BTW when you type pifts.exe into google - wer are the third in the list - cool eh?

Then again - if this is dodgy it's time to get the disinfo agent goggles on...

THink I may have already spotted one though - gonna keep it to myself for now.

Peace,

MGGG

hmmm maybe they are deleting the forum threads because they are receiving too much traffic from pifts.exe searches on google etc!?

Another theory is that maybe because Norton is the most widely used AV program they could be hunting down a worm creator/spreader!?

This is just too obvious to be malicious in any way! They could have used kernel hiding and dll firewall bypassing to make this PIFTS go unnoticed and less obvious to 99% of people!





[edit on 10-3-2009 by tommyboy1981]