Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Internet users have raised concern on the Twitter site after permission was sought to allow an executable file to be downloaded.Graham Cluley, senior technology consultant at Sophos, alerted Twitter users to the concern, claiming that there was ‘lots of internet babble and conspiracy theories around Symantec and a file called PIFTS.exe'.He claimed that users of Symantec's Norton anti-virus products began to see firewall alerts asking them if they wanted to trust the program, and that ‘panic' grew as reports came in that questions posted on Norton's community forum about PIFTS were being deleted without answer. A report on the Slashdot website claimed that on Monday evening, on systems with Norton Internet Protection running, users began to see a popup warning about the executable file trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder, and there were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The poster claimed that there was an initial thread that received several thousand views and several pages of replies in a few short hours before being deleted, while several subsequent posts to the Norton forum were deleted much more quickly. Swa Frantzen, an incident handler with the SANS Internet Storm Center, claimed that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's internet connection to contact a web page at norton.com, which is owned and operated by Symantec. Cluley claimed that some affected users have submitted the file in question to services like VirusTotal, with results showing that no anti-virus products appear to be classifying it as malware. Cluley said: “The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters. “The file PIFTS.exe is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.” He further claimed that a private communication from a Symantec employee reassured him that the problem was more likely to be an error by one of their staff than a sinister plot against its users. See original article on scmagazineuk.com
A report on the Slashdot website claimed that on Monday evening, on systems with Norton Internet Protection running, users began to see a popup warning about the executable file trying to access the internet. The file was shown to be located in a non-existent folder inside the Symantec LiveUpdate folder, and there were several posts about this to the Norton customer forums asking for help or information on this mysterious program. The poster claimed that there was an initial thread that received several thousand views and several pages of replies in a few short hours before being deleted, while several subsequent posts to the Norton forum were deleted much more quickly. Swa Frantzen, an incident handler with the SANS Internet Storm Center, claimed that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's internet connection to contact a web page at norton.com, which is owned and operated by Symantec. Cluley claimed that some affected users have submitted the file in question to services like VirusTotal, with results showing that no anti-virus products appear to be classifying it as malware. Cluley said: “The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters. “The file PIFTS.exe is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.” He further claimed that a private communication from a Symantec employee reassured him that the problem was more likely to be an error by one of their staff than a sinister plot against its users. See original article on scmagazineuk.com
The poster claimed that there was an initial thread that received several thousand views and several pages of replies in a few short hours before being deleted, while several subsequent posts to the Norton forum were deleted much more quickly. Swa Frantzen, an incident handler with the SANS Internet Storm Center, claimed that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's internet connection to contact a web page at norton.com, which is owned and operated by Symantec. Cluley claimed that some affected users have submitted the file in question to services like VirusTotal, with results showing that no anti-virus products appear to be classifying it as malware. Cluley said: “The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters. “The file PIFTS.exe is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.” He further claimed that a private communication from a Symantec employee reassured him that the problem was more likely to be an error by one of their staff than a sinister plot against its users. See original article on scmagazineuk.com
Swa Frantzen, an incident handler with the SANS Internet Storm Center, claimed that PIFTS.exe appears to be related to a Norton update since it has a component in it that leverages the user's internet connection to contact a web page at norton.com, which is owned and operated by Symantec. Cluley claimed that some affected users have submitted the file in question to services like VirusTotal, with results showing that no anti-virus products appear to be classifying it as malware. Cluley said: “The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters. “The file PIFTS.exe is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.” He further claimed that a private communication from a Symantec employee reassured him that the problem was more likely to be an error by one of their staff than a sinister plot against its users. See original article on scmagazineuk.com
Cluley claimed that some affected users have submitted the file in question to services like VirusTotal, with results showing that no anti-virus products appear to be classifying it as malware.
Cluley said: “The file appears to be entirely non-malicious, and related to Norton's security product. It's build date of Thursday March 5th, suggests it has only just been created. PIFTS attempts to connect to a webserver (stats.norton.com), passing information such as product name, version number and a series of other non-obvious parameters.
“The file PIFTS.exe is about 100k in size, so it would take some time to analyse in detail. However, we feel fairly comfortable in debunking the internet rumours claiming that PIFTS might be a rootkit or government-sponsored backdoor to spy on the masses. We think it's more likely that Symantec's programmers simply forgot to properly tag the file as having permissions to perform its functions.”
He further claimed that a private communication from a Symantec employee reassured him that the problem was more likely to be an error by one of their staff than a sinister plot against its users.
See original article on scmagazineuk.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.