According to my ZoneAlarm logs, the "PIFTS.EXE" program attempted to access the Internet twice. The first instance was automatically blocked. The second attempt, about 5 hours later, is the one that manually prompted me for a response.
The first attempt that was automatically blocked was attempting to access a destination DNS of "stats.norton.com". So, my professional guess is that this supposed Norton "Update" was actually being used by Norton for analytical/statistical/demographic information. In other words, Norton was snooping on its users. Or worse yet, profiling its users.
The "PIFTS.EXE" file is located within the "C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\Updt61" folder on my hard drive. The "UpdtXXX" folder (where "XXX" may be any 2 or 3 digit number) will most likely be different in your computer. By default, the "Application Data" folder is hidden. So, you may need to unhide the folder first before viewing its contents. And if searching for the "PIFTS.EXE" file, you will need to alter the "More Advanced Options" to include "Search Hidden Files and Folders". By default, the Windows Search utility does NOT search hidden files/folders.
In my case, the "Updt61" folder was created on 3/9/2009 at 7:29 p.m. But, the "PIFTS.EXE" file was created on 3/4/2009 at 6:05 p.m. Clearly indicating that Norton planned this "update" (a.k.a. sniffer) and programmed it to kick off on 3/9/2009. At least, that is my humble, professional opinion.
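The file search and timestamp comparison described in the post above, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 4 or later, resolves the "Application Data" location through the system rather than hard-coding it, and compares each hit against the MD5 quoted in the analysis report further down this page.

```powershell
# Added example (not from the thread): locate PIFTS.exe under the LiveUpdate
# download folders, including hidden ones, and report hash, signature and timestamps.

# MD5 as quoted in the analysis report on this page.
$ReportedMd5 = '91b564d825a3487ae5b5fafe57260810'

# CommonApplicationData resolves to "...\All Users\Application Data" on XP
# and to C:\ProgramData on later Windows versions.
$appData = [Environment]::GetFolderPath('CommonApplicationData')
$root    = Join-Path $appData 'Symantec\LiveUpdate\Downloads'

if (-not (Test-Path -LiteralPath $root)) {
    Write-Output "No LiveUpdate download folder found at $root"
    return
}

# -Force makes Get-ChildItem include hidden and system items, which the
# Windows Search utility skips by default. -Recurse covers every UpdtXXX folder.
Get-ChildItem -LiteralPath $root -Filter 'PIFTS.exe' -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $md5 = (Get-FileHash -LiteralPath $_.FullName -Algorithm MD5).Hash.ToLower()
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        [pscustomobject]@{
            Path            = $_.FullName
            SizeBytes       = $_.Length
            FileCreated     = $_.CreationTime            # timestamp of the executable
            FolderCreated   = $_.Directory.CreationTime  # timestamp of the UpdtXXX folder
            MD5             = $md5
            MatchesReport   = ($md5 -eq $ReportedMd5)
            SignatureStatus = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    } | Format-List
```

The signature status and signer subject show whether the binary carries a valid Authenticode signature and from whom, which is the first thing to check before drawing conclusions from the timestamps alone.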
We here at Ebaums, a forum of anonymous hackers, were able to look at the PIFTS.exe anomaly and have discovered an individual was able to find a flaw in the Norton System. He then designed a way to exploit this flaw to attain personal information stored on Norton customers' PCs.
Originally posted by paddz420
We here at Ebaums, a forum of anonymous hackers, were able to look at the PIFTS.exe anomaly and have discovered an individual was able to find a flaw in the Norton System. He then designed a way to exploit this flaw to attain personal information stored on Norton customers' PCs.
link will be gone
That was posted by White_Knight
I still have no proof this file actually exists and this whole thing is nothing more than a joke by a bunch of people with nothing better to do.
Originally posted by sadisticwoman
hey /g I was running my dad's computer tonight when a popup from norton asked me if I wanted to allow pifts.exe, I tried googling to see what it was and I am not getting any information. Anyone know what the hell this exe is? Also apparently any thread related to pifts.exe is being deleted on the norton forums.
zip.4chan.org...
Yep, that's right. Something that Norton is saying is just a regular update is requesting internet access. I know 4chan isn't everyone's idea of a good news source, but this is being talked about all over the internet, despite Norton's attempts to delete everything concerning the issue.
www.tech-linkblog.com...#
Hey /x/, /g/ needs your help on something. Some seriously shady # is going down. The makers of Norton are involved in a coverup of some sort. A part of the program tried to access something in Africa. People asked them what it was.
They are deleting every single message about it on their forum and banning users who post them about PIFTS.EXE. We are trying to figure out what the hell it does, and why they are trying to cover it up. If you search Google for it you will find deleted posts in their forums.
What is pifts.exe and why are they trying to cover it up?
zip.4chan.org...
Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about pifts.exe.
It's also strange that it's trying to access Africa.
If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall. Looking through its .dll, it accesses your IE history, and for some reason accesses Google as well.
[edit on 10-3-2009 by sadisticwoman]
Analysis Report for PIFTS.exe
MD5: 91b564d825a3487ae5b5fafe57260810
Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World Wide Web.
- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.
- Performs Registry Activities:
The executable reads and modifies registry values. It also creates and monitors registry keys.
Table of Contents
- General information
- sample.exe
a) Registry Activities
b) File Activities
c) Windows Service Activities
d) Process Activities
e) Network Activities
f) Other Activities
- services.exe
a) Registry Activities
b) File Activities
1. General Information
Information about Anubis' invocation
Time needed: 85 s
Report created: 03/10/09, 11:14:21 UTC
Termination reason: All tracked processes have exited
Program version: 1.67.0
Global Network Activities
Unknown UDP Traffic:
From ANUBIS:1025 to 192.168.0.1:53
State: [ Normal establishment and termination ],
Outbound Bytes: [ 34 ], Inbound Bytes: [ 395 ]
2. sample.exe
General information about this executable
Analysis Reason: Primary Analysis Subject
Filename: sample.exe
MD5: 91b564d825a3487ae5b5fafe57260810
SHA-1: 782569ebde2ba72d1a55cfa6e19863c9439199a3
File Size: 102400 Bytes