Pifts
PIFTS.exe accesses your Internet History, Temporary Internet Files and Google Desktop. It appears to be tracking your searches. Norton is deleting all comments about it on their forums, and they were being deleted on Yahoo! Answers as well.
CONTACT
- Pifts.exe @ irc.freenode.net
- Pifts.exe_misinfo @ irc.freenode.net
DATA
- http://pastebin.com/m1e207a78
- http://www.mediafire.com/?mnmh35b9d0k
- http://www.megaupload.com/?d=HV4TFAJJ PIFTS.exe disassembled
- http://anubis.iseclab.org/?action=result&task_id=19d7659347c3ebcd4a5ba7e9faa60fa14&format=htm (srs website wondering wtf the file is)
MEDIA
- http://it.slashdot.org/article.pl?sid=09/03/10/139229 (WIN!)
- http://digg.com/software/What_is_PIFTS_and_why_is_Symantec_covering_it_up
- http://digg.com/software/What_is_PIFTS_and_why_is_Symantec_covering_it_up?
- http://www.reddit.com/r/reddit.com/comments/83hjr/symantec_covering_up_the_piftsexe_file_and/
- http://www.tech-linkblog.com/2009/03/conspiracy-theories-run-rampant-due-to-piftsexe.html
- http://www.abovetopsecret.com/forum/viewthread.php?tid=444230
- http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19880
- http://community.norton.com/norton/board?board.id=nis_feedback (Norton Internet Security / Norton AntiVirus Forums)
- http://chrysler5thavenue.blogspot.com/2009/03/piftsexe.html
- http://gigazine.net/index.php?/news/comments/20090310_pifts_exe_norton/ (Japanese tech blog picked up on the story)
- http://translate.google.com/translate?prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fgigazine.net%2Findex.php%3F%2Fnews%2Fcomments%2F20090310_pifts_exe_norton%2F&sl=ja&tl=en&history_state0= (translation to English)
- http://questionbox.jp.msn.com/qa4784219.html (MSN Japanese post about it in a tech help section of their site. Site is regional, it seems)
- http://74.125.113.132/translate_c?hl=en&ie=UTF-8&sl=ja&tl=en&u=http://questionbox.jp.msn.com/qa4784219.html&prev=_t&usg=ALkJrhj_g1aRvBSFwp1sJVA-YQdRZzE57A (translation to English)
- http://pc11.2ch.net/test/read.cgi/sec/1235400043/642n (2ch BBS discussion begins)
- http://74.125.113.132/translate_c?hl=en&ie=UTF-8&sl=ja&tl=en&u=http://pc11.2ch.net/test/read.cgi/sec/1235400043/642n&prev=_t&usg=ALkJrhiCZNufy_SmBRfQwdAdMczO0v2whQ (translation to English)
- http://forums.shoryuken.com/showthread.php?s=8861e008de41ff5bc2c71247750de8d3&p=6268378 (discussion about pifts.exe and Steve Gibson, the Security Now! podcaster. Users hoping he can explain wtf the file is all about)
IMAGES
- http://img220.imageshack.us/img220/9219/tcpview.jpg -- A cap of pifts trying to access the internet, taken in the second or so it displayed.
- http://img18.imageshack.us/img18/8581/pifts.gif
- http://img3.imageshack.us/img3/3863/pifts2.gif
- http://img142.imageshack.us/img142/750/1236680748455.jpg (properties of a file in an update directory, unconfirmed if it's the real file or just a faker trying to get attention, I suspect it is the real one)
- http://img5.imageshack.us/img5/6486/1236683072542.jpg (info about pifsvc.exe which seems related)
- http://gigazine.jp/img/2009/03/10/pifts_exe_norton/pifts01.png (/b/ having some fun, but there were lots of legit posts about pifts.exe before they got there)
- http://img111.imageshack.us/img111/6922/registeration.jpg (taken at http://community.norton.com/norton/user_signup -- that's some weird shit going on, those mods should get fired.)
RELATED
pifsvc.exe (process info for LiveUpdate Notice Service) may be related in purpose to pifts.exe, since both are named with "PIF", which is in the Windows registry of computers with Norton installed. Links:
- http://www.google.com/search?client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&channel=s&hl=en&q=%22pifsvc.exe%22&btnG=Google+Search
OTHER IDEAS
Anonymous 03/10/09(Tue)06:29:36 No.122551388 (from /b/)
Anon, I propose a war. A war unlike any others. Please, hear me out.
A wise anon posted this.
>Ummm, shouldn't we be fanning these flames of mistrust into ever greater fear and ultimately rage?
>I mean, shouldn't we harness this to cause damage to someone, which would be Symantec's reputation I guess.
>Anyway, this thread seems just too passive. When there is something unusual and possibly scary, but probably not, I think we should give it a nudge into horrifying paranoia.
>I like the North African IP thing. What would sound scary there? Al Qaeda in Eritrea? A new Al Qaeda online cyberterror front that has designs on stealing people banking details and identities for use in funding and supplying terror ops? Did they have a spy named Arun at Symantec? Arun [make up good sounding arab surname] of Al Qaeda in Eritrea?
This got me thinking. He's right, on one hand we've got everyone looking to norton for an explanation and everyone else searching the internets for the string "pifts.exe". I say we start making claims. We blow this out of proportion. IMO the best way to go about this is by coming up with a few "facts" and then every anon can string them together however they like.
continued in next post
>>Anonymous 03/10/09(Tue)06:30:00 No.122551434
part 2
We'd be posting on the forums as someone said in another post.
>We're joining in the game a little bit late so we will want to plan ahead. Everyone needs to make accounts on their forums. If we just raid it as is they'll probably stop allowing new accounts and just block the already made accounts from being able to post (seems to be their current tactic). So how about we start the raid in two hours? Does that seem like enough time for everyone to make accounts? We don't want to give them enough time to come up with a story that will calm everyone down.
>Remember, we're like the 300 spartans, the whole internets is practically raiding them right now, but we're the only ones who know what the fuck we're doing.
Also, we'd be making blogs and shit which we would be linking to for our sources. The more blogs we have and the more interlinked they are the harder it will be to disprove (think religious circular logic). Blag A cites Blog B which cites Blog C and A and so on and so forth.
"Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation.
Symantec, the makers of Norton AntiVirus and related products, is reportedly working with the FBI on ways to preclude their products from detecting Magic Lantern. Eric Chien, a top researcher at Symantec, emphasized the ability to detect "modified versions." --Anonymous
There is some discussion that Pifts.exe may be a keylogger program, a modified version of Magic Lantern [ http://en.wikipedia.org/wiki/Magic_Lantern_(software) ]