Wednesday, March 11, 2009

Symantec's PIFTS.exe blunder

Symantec, the company behind the famous security solution Norton, had a bad update on their Symantec products, which led to millions of complains and internet meme.

PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base. The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. "If a user would have accepted it they should have been fine, and if they declined it they should have been fine."

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe.

Around 7:30 p.m. Pacific Time, Symantec noticed that its Norton support forums were being flooded with blank messages that had PIFTS.exe in their subject line. Within three hours there were 600 posts about PIFTS.exe. The posts contained no text, only subjects such as "IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?" and "OH GOD YOU GOT CHOCOLATE IN MY PIFTS."

Symantec began deleting the messages, assuming they were from spammers.

Soon the SANS Internet Storm Center had picked up on PIFTS.exe and noted that Symantec discussion-group messages were being deleted. Noting that messages mentioning the mysterious file name were being deleted from Symantec's support forums, SANS said that something "truly bizarre was going on."

By now, Norton users were becoming worried.
"Norton Users Worried By PIFTS.exe, Stonewalling By Symantec,"


Then the hackers stepped in. By midday Tuesday, criminals began posting malicious Web pages that would pop up high on Google searches for PIFTS.exe.

"With parts of the Internet flustering over the Symantec / PIFTS.exe debacle, hackers have set out to poison search engines in an attempt to cash in on unsuspecting computer users,"
wrote Graham Cluley, a senior technology consultant with security vendor Sophos. Cluley said that three of the top five Google results for a pifts.exe search led to pages that redirected users to malicious Web pages, which tried to install fake antivirus software on victims' systems.

Late Tuesday afternoon, these malicious results were still turning up high in Google searches for PIFTS.exe.

"Of course, the fake anti-virus scan is not related to Symantec or the PIFTS.exe file," Cluley added.
"It's just that the hackers are using the interest surrounding that file at the moment to generate traffic to their dangerous Web sites."


4chan the community site that spawned a lot of memes added salt on the wound and almost all of their threads PIFTS.exe is part of the topic

1 comment:

Francesca said...

hi there, do you want to share a secret anonymously? you can write your secret in a paper, take a picture of it and send it to me. check my site for more info. i'll appreciate it if you send me one. although, i won't know since its supposed to be anonymously sent. lol. well anyways, thanks in advance. :)