The more serious problem at the moment is that Graham Cluley of SOPHOS has reported in Malware authors jump on the PIFTS.EXE bandwagon:"Several readers wrote in with samples of a file PIFTS.exe that seems to be related to a Norton update and gets flagged for its behavior.
The file has been confirmed to call home to stats.norton.com ."
Please stick to the "mainline" sites when seeking information on PIFT.exe. In the event you do hit one of the infected sites, close any pop-up via Task Manager (Ctrl+Shift+Esc > Applications > End Task)."We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for more information about PIFTS. Sophos's WS1000 Web Appliance is already picking up some of these sites as Mal/BadRef-A, and preventing users from accessing them.
The Mal/BadRef-A script redirects to another malicious script (detected by Sophos as Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.
That page leads to a fake anti-virus scan (also known as scareware) designed to frighten computer users out of their hard earned cash. It's ironic that a scare about a file in an anti-virus program is leading users to search and visit a page where they will be scammed by a fake anti-virus program. Ho hum."
A statement has been issued by a "davecole" a Symantec employee at the support forum. See Norton product patch "PIFTS.exe" and Norton Users Forum [Edited]
The way things have been going, I will stay with my Recommendation: Replace Norton!
References:
- Norton Forum Statement: Norton product patch "PIFTS.exe" and Norton Users Forum [Edited]
- SANS Diary: conspiracy fodder: pifts.exe
- SOPHOS: Malware authors jump on the PIFTS.EXE bandwagon
Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
No comments:
Post a Comment