Tuesday, March 10, 2009

Norton Customers: Beware of Searches for "PIFT.exe"

Elusive information and disappearing requests for help from the support forums at Norton Internet Security / Norton AntiVirus support forums has caused all kinds of speculation as to the source and/or purpose of PIFT.exe, added to unsuspecting Norton customers in a recent update. As reported by the SANS Diary at conspiracy fodder: pifts.exe:

"Several readers wrote in with samples of a file PIFTS.exe that seems to be related to a Norton update and gets flagged for its behavior.

The file has been confirmed to call home to stats.norton.com ."

The more serious problem at the moment is that Graham Cluley of SOPHOS has reported in Malware authors jump on the PIFTS.EXE bandwagon:

"We're seeing evidence that websites containing malware are showing up in search engine results when people hunt for more information about PIFTS. Sophos's WS1000 Web Appliance is already picking up some of these sites as Mal/BadRef-A, and preventing users from accessing them.

The Mal/BadRef-A script redirects to another malicious script (detected by Sophos as Troj/Reffor-A) which then itself redirects to a page detected as Mal/FakeAvJs-A.

That page leads to a fake anti-virus scan (also known as scareware) designed to frighten computer users out of their hard earned cash. It's ironic that a scare about a file in an anti-virus program is leading users to search and visit a page where they will be scammed by a fake anti-virus program. Ho hum."

Please stick to the "mainline" sites when seeking information on PIFT.exe. In the event you do hit one of the infected sites, close any pop-up via Task Manager (Ctrl+Shift+Esc > Applications > End Task).

A statement has been issued by a "davecole" a Symantec employee at the support forum. See Norton product patch "PIFTS.exe" and Norton Users Forum [Edited]

The way things have been going, I will stay with my Recommendation: Replace Norton!

References:





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments:

Post a Comment

Neither spam nor comments containing vulgarities will be approved.