pifts.exe

My name is URL

It seems that Symantec, the good people that make Norton AntiVir etc. have been lacing their software with what may be a hidden version of Magic Lantern , a "Fedware" program which tracks users and files.

Read more here -
http://www.theinquirer.net/inquirer/news/353/1051353/african-executable-raises-symantec-hackles

Saruman

interesting... I just noticed something else.
Googles cached option does NOT work if you google pifts.exe
Since symantec are deleting threads I assume they got on to google and told them to turn off caching for that search.

My name is URL

Saruman wrote: »

interesting... I just noticed something else.
Googles cached option does NOT work if you google pifts.exe
Since symantec are deleting threads I assume they got on to google and told them to turn off caching for that search.

hmm I never noticed that. Quite obviously trying to hide something.

aidan_walsh

I don't see anything in that report that suggests anything to do with Magic Lantern. Whats your source on that?

My name is URL

aidan_walsh wrote: »

I don't see anything in that report that suggests anything to do with Magic Lantern. Whats your source on that?

I've seen it posted on various forums. I guess there's no real source since Symantec are refusing to acknowledge the issue at all -

http://forums.guru3d.com/showthread.php?t=290315

Saruman

See post 5
the africa thing seems to be bull
http://forums.guru3d.com/showpost.php?p=3060551&postcount=5

Anti

Ive been reading up on this all morning and afetrnoon now, ive also read rumors that this is some kind of trackign software with a backdoor, a few people on the chans are currently tryign to sandbox this to see whats being sent in the outgoing packets. the chans and places like ebaumsworld have been raiding norton's sites all days, its kidna scary the ammount of info on employees they have already gotten. Also the ip address that pifts is sending the packets too is someone in north east america (washington DC) (67.134.208.160) and some north african ip which seems to be fake.

This also seems to be popping up on the corporate versions of norton software too, quite alot of people panicing at the moment. All i can say is thank god i dont use norton.

My name is URL

Anti wrote: »

Ive been reading up on this all morning and afetrnoon now, ive also read rumors that this is some kind of trackign software with a backdoor, a few people on the chans are currently tryign to sandbox this to see whats being sent in the outgoing packets. the chans and places like ebaumsworld have been raiding norton's sites all days, its kidna scary the ammount of info on employees they have already gotten. Also the ip address that pifts is sending the packets too is someone in north east america (washington DC) (67.134.208.160) and some north african ip which seems to be fake.

This also seems to be popping up on the corporate versions of norton software too, quite alot of people panicing at the moment. All i can say is thank god i dont use norton.

I guess that proves that you shouldn't mess with Anonymous :pac: My employers use Norton Corporate edition on all of their machines. I'm surprised it's even on corporate versions considering it's a tracking software.

My name is URL

Here's a detailed analysis of what pifts actually does -

http://anubis.iseclab.org/?action=result&task_id=19d7659347c3ebcd4a5ba7e9faa60fa14&format=html

Saruman

looks like the only IP/dns name address it looks up is stats.norton.com

Martyr

would it not be more likely an optional "upgrade" ?

whenever feds want access to someones computer - based on the software installed, any future updates could install some file which allows remote access without the users knowledge.

it would be more plausible than integrating an entire backdoor into the software itself which would be easily found by a reverser.

EDIT: this is nothing to worry about

a private communication from a Symantec employee reassured us that the problem was more likely to be an error by one of their staff than a sinister plot against its users. We understand that an official statement from Symantec will be available soon.

false alarm.

My name is URL

That's weird. They reacted in a very strange way if that is the case. Closing their forum and asking Google not to cache searches..! wtf was all that about!

edit -- 100th post w00t!

Martyr

ah now, Upward Spiral...Symantec haven't said anything about it so far, and Google hasn't released any statement either.

its just a hoax.

My name is URL

Martyr wrote: »

ah now, Upward Spiral...Symantec haven't said anything about it so far, and Google hasn't released any statement either.

its just a hoax.

Yeah, you're more than likely right but I love a good conspiracy theory lol. My own gut reaction when I read about this first was that it's some sort of software validation tool, but that's too boring :pac:

My name is URL

Turns out that it wasn't a hoax after all, but a series of unfortunate events.

It's outlined beautifully here - http://www.freebase.org/

Quite a rookie mistake to make for such a well established company!