[NEWS] PIFTS.EXE - A Norton rootkit?


.Kougaiji.
10-03-2009, 18:23
One of the latest Norton LiveUpdate updates brought this strange file: PIFTS.EXE. It all started with a user who noticed the file because it wanted internet access to connect to an African IP. This afternoon (local time) there were several DDoS attacks against the forum, taking it down 3 times as a form of protest and to get information. Norton has not answered any questions; on the contrary, it deleted every mention of this episode and even banned anyone asking for explanations! If you Google it, you can see the various Norton forum threads among the top results, but deleted. More information on Digg:

http://digg.com/security/The_mysterious_Norton_cover_up_and_pifts_exe
http://digg.com/software/What_is_PIFTS_and_why_is_Symantec_covering_it_up

P.S.
Digg it too, we need to shed light on this. I repeat, Norton does not want to explain what this file is for!!

.Kougaiji.
10-03-2009, 18:27
Norton Users Worried By PIFTS.EXE (http://it.slashdot.org/article.pl?sid=09/03/10/139229)

African executable raises Symantec hackles (http://www.theinquirer.net/inquirer/news/353/1051353/african-executable-raises-symantec-hackles)

eraser
10-03-2009, 18:30
They don't want to explain it because it's nothing important for users :D

It's an internal tool used to synchronize code development, SVN-style

.Kougaiji.
10-03-2009, 18:35
Then what reason is there to ban people? Why an African IP? Nah, there must be something behind it. At least that's what I want :3 Conspiracy~

eraser
10-03-2009, 18:38
Sorry, you won't find anything else though :p Because there is nothing else :p

.Kougaiji.
10-03-2009, 18:41
Users Complain of Mysterious 'PIFTS' Warning (http://voices.washingtonpost.com/securityfix/2009/03/symantec_users_complain_of_mys.html)

eraser
10-03-2009, 18:43
Good grief, it's spectacular how a worldwide case is being built up out of nothing :D I'm curious to see how far it goes :D

.Kougaiji.
10-03-2009, 18:46
Anubis - Analysis Report (http://anubis.iseclab.org/?action=result&task_id=144e2a5f2b355af64511c77af5ea5170d&format=html)

Gh, we will never stop. We want to know what it is in detail. How do you know those things? Infiltrator. :ciapet: I'll keep posting news about this matter :|

.Kougaiji.
10-03-2009, 18:51
Conspiracy theories fly around Norton forum 'Pifts' purge EXE phones home? (http://www.theregister.co.uk/2009/03/10/norton_pifts_mystery/)


Symantec UK told us it was looking into the issue. The reliable Internet Storm Centre reports that Symantec told it the program is part of the Norton update process and is benign.

This fails to explain why support forum postings were deleted, a type of behaviour that might be cited as evidence that Symantec has something to hide. It also doesn't explain why the file reportedly appears in a non-existent folder. ®

EDIT:

The official Norton Internet Security forum is in turmoil over the mysterious executable "Pifts.exe" (http://gigazine.net/index.php?/news/comments/20090310_pifts_exe_norton/)

Some news from Japan too, ww.

c.m.g
10-03-2009, 19:09
Tuned in! :D

.Kougaiji.
10-03-2009, 19:22
Update, 2:23 p.m. ET: Dave Cole, senior director of product management at Symantec, said the PIFTS file was part of a "diagnostics patch" shipped to Norton customers on Monday evening. The purpose of the update, Cole said, was to help determine how many customers would need to be migrated to newer versions of its software as more Windows users upgrade to Windows over 9000.

"We have to make sure before we migrate users to a new product that we can see what kind of load we can expect on our servers, and which customers are going to have to be moved up to the latest version of our product," Cole said.

As to why Symantec has been deleting posts about this from their user forum, Cole said the company noticed that minutes after the update went out hundreds of new users began registering on the forum, leaving inane and sometimes abusive comments.

"We want to be out there in the community, but by the same token, if we see abuse we will shut it down pretty quickly," Cole said. "There was no attempt at secrecy here, but people were spamming the forum and making it unusable to everyone."

In Symantec's defense, when I first heard about this earlier this morning, I noted privately to a couple of folks that some of the comments being left on the Symantec forum bore many of the hallmarks of "4Chan," (a.k.a. "anonymous"), a virtual community that thrives on playing practical jokes and causing trouble online. The summary about this incident posted to News-for-nerds site Slashdot this morning links to a key 4Chan forum.

Mmmhh... :rolleyes: the fact remains that they were deleting threads before the "spam".

eraser
10-03-2009, 19:23
:D

c.m.g
10-03-2009, 19:25
Mmmhh... :rolleyes: the fact remains that they were deleting threads before the "spam".

link?

.Kougaiji.
10-03-2009, 19:29
link?

But they deleted all the threads :rolleyes:

.Kougaiji.
10-03-2009, 19:35
conspiracy fodder: pifts.exe (http://isc.sans.org/diary.html?storyid=5992&rss)


I just had a phone call from a Symantec employee confirming the program is theirs, part of the update process and not intended to do harm, more to follow, stay tuned.

Suuure :fagiano:

Anyway, watch out for fake PIFTS.exe files, some really are malware (what speed at spreading malware :D )

CronoX
10-03-2009, 19:41
if they want to screw us they do it properly without anyone noticing... and surely all the major software houses do it, and not only them (google)...

cico66
10-03-2009, 19:46
but should this .exe file show up among the active processes, maybe?

.Kougaiji.
10-03-2009, 19:50
Norton product patch "PIFTS.exe" and Norton Users Forum (http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119)

The End? :stordita:

Edit:
Still, why Africa? Maybe we'll never know...

eraser
10-03-2009, 19:56
Oh, finally a statement from Symantec :D End of the line :)

cico66
10-03-2009, 20:04
I didn't find this file on my PC... do you have it?

.Kougaiji.
10-03-2009, 20:07
I didn't find this file on my PC... do you have it?

Do you have Norton? If you can't find it, of course, it's hidden in a "non-existent" folder (according to the rumours), but you can notice it through a firewall since it requests network access. I don't use Norton so I can't tell you.

Chill-Out
10-03-2009, 21:01
I didn't find this file on my PC... do you have it?

Do you have Norton? If you can't find it, of course, it's hidden in a "non-existent" folder (according to the rumours), but you can notice it through a firewall since it requests network access. I don't use Norton so I can't tell you.

It depends on the version in use: the now-famous PIFTS.exe file is a diagnostic patch for the 2006 and 2007 versions of NAV and NIS

.Kougaiji.
10-03-2009, 21:31
I'll close with this link:
http://pastebin.ca/1357374

Here is all the info and screenshots about this file. I want to believe? :D


P.S.
I haven't tested the files in DATA, so be careful if you want to download them ;)

Chill-Out
11-03-2009, 09:08
Analysis of PIFTS.exe on VirusTotal and ThreatExpert

http://www.virustotal.com/analisis/734465e30a6ee6d6c493471d77940f4c

http://www.threatexpert.com/report.aspx?md5=91b564d825a3487ae5b5fafe57260810

c.m.g
11-03-2009, 11:30
some resources for further reading:

http://www.sophos.com/blogs/gc/g/2009/03/10/mystery-symantec-pifts/
http://it.slashdot.org/article.pl?sid=09/03/10/139229
http://digg.com/software/What_is_PIFTS_and_why_is_Symantec_covering_it_up
http://digg.com/software/What_is_PIFTS_and_why_is_Symantec_covering_it_up?
http://www.reddit.com/r/reddit.com/comments/83hjr/symantec_covering_up_the_piftsexe_file_and/
http://www.tech-linkblog.com/2009/03/conspiracy-theories-run-rampant-due-to-piftsexe.html
http://www.abovetopsecret.com/forum/viewthread.php?tid=444230
http://forums.zonealarm.org/zonelabs/board/message?board.id=Off-Topic&message.id=19880
http://community.norton.com/norton/board?board.id=nis_feedback (Norton Internet Security / Norton AntiVirus Forums)
http://chrysler5thavenue.blogspot.com/2009/03/piftsexe.html
http://2009031009.ubiuexiia.xorg.pl/pifts_exe.html
http://rss.slashdot.org/~r/Slashdot/slashdot/~3/0ey79u8o2KU/article.pl
http://www.freebase.org/
http://blogs.howstuffworks.com/2009/03/10/what-is-piftsexe/
http://www.tech-linkblog.com/2009/03/conspiracy-theories-run-rampant-due-to-piftsexe.html/
http://www.abovetopsecret.com/forum/thread444230/pg1
http://www.lockergnome.com/blade/2009/03/10/symantec-clarifies-piftsexe-fiasco/
http://antivirus.about.com/b/2009/03/10/piftsexe-symantec-faux-pas-generates-controversy.htm
http://federalism.typepad.com/crime_federalism/2009/03/piftsexe-update.html
http://www.telegraph.co.uk/scienceandtechnology/technology/technologynews/4969463/Internet-conspiracy-theories-abound-over-Symantec-Pifts.exe-file.html
http://blog.bull3t.me.uk/archives/internet/the-mysterious-norton-cover-up-and-piftsexe/
http://technologyexpert.blogspot.com/2009/03/conspiracy-theories-abound-over.html
http://answers.yahoo.com/question/index?qid=20090309204126AAGTEsK
http://forums.zonealarm.org/zonelabs/board/message?message.uid=443981
http://chrysler5thavenue.blogspot.com/2009/03/digg-buries-piftsexe-story.html

and many more:

http://www.google.com/search?hl=it&client=opera&rls=it&q=PIFTS.EXE&start=20&sa=N

some images of deleted posts:

http://s5.tinypic.com/2nvtmbn.jpg

http://i41.tinypic.com/20a78s6.jpg

http://i44.tinypic.com/o01g0m.jpg


Official Symantec response:

PIFTS.exe or Product Information Framework Troubleshooter


This entry was created to answer the following key questions around PIFTS.exe:


- What is PIFTS.exe?
- What is the function of PIFTS.exe?
- What information does PIFTS.exe collect?


Norton security products contain a component called Product Information Framework (PIF), and a feature called LiveUpdate Notice (LUN).


LUN is an in-product messaging mechanism that is used to notify customers when new product versions are available. The messaging is targeted to particular systems based on product version, operating system version, and product state, and this state is determined by the PIF component.


For instance, LUN was used to notify users when a Vista compatible version of their product became available, and LUN will again be used to notify users when a Windows 7 compatible version of their product becomes available.


LUN is fully integrated into 2008 and later products, but is a standalone component in 2006 and 2007 products. LUN became available after the 2006 and 2007 products shipped, and was added to the 2006 and 2007 products using LiveUpdate (LU).


Symantec is aware of a problem affecting some 2006 and 2007 products where a subsequent PIF update did not successfully apply. The cause of this problem is currently under investigation, but the result is that these users may not receive appropriate LUN messaging.


To assist with identifying the extent, and potential cause, of the problem, Symantec created an investigative executable that analyzes the Norton product state, and reports the details to Symantec. This information will help Symantec to identify and correct the problem with PIF, in time for the Windows 7 release.


Product Information Framework Troubleshooter (PIFTS) executable details:


File name: PIFTS.EXE
File size: 102400 bytes
MD5 hash: 91b564d825a3487ae5b5fafe57260810


The PIFTS.EXE binary was released through LiveUpdate targeting 2006 and 2007 products. After downloading the LU package, LU executes PIFTS.EXE, and PIFTS.EXE collects product state information, and reports this information to Symantec.


PIFTS.EXE does the following:


- Determines what product is installed, NIS, NAV, N360, NCO, or NSW, by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of the installed product by looking at the file version information of a key product file.
- Determines if PIF is installed by looking under the HKLM\Software\Symantec\InstalledApps registry key.
- Determines the version of PIF by looking at the file version information of two key PIF files.
- Determines if PIF is enabled, and what the PIF state is, by looking at the PIF registry under HKLM\Software\Symantec.
- Determines the version of PIF that LiveUpdate believes is installed, by reading the LU catalog.
- The collected information, as described above, is reported to a Symantec server, called stats.norton.com, using an HTTP GET request. This server is located at a Symantec datacenter located on the East Coast of the United States.


No additional information is collected, no personal information is collected, and no system modifications are made.


available here:

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39119

The security company Sophos classifies the file as not dangerous (Source (http://www.sophos.com/blogs/gc/g/2009/03/10/mystery-symantec-pifts/)).
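
Added example, not part of the thread or of Symantec's statement: a Python check that compares every file named PIFTS.EXE under a directory against the file size and MD5 published in the statement above, which is how the announced binary can be told apart from the look-alike files the thread warns about. The function names and verdict strings are assumptions of this example.

```python
import hashlib
import os
import sys

# Values published in the Symantec statement quoted in this thread.
PUBLISHED_NAME = "PIFTS.EXE"
PUBLISHED_SIZE = 102400
PUBLISHED_MD5 = "91b564d825a3487ae5b5fafe57260810"


def md5_of(path, chunk=65536):
    """Hash the file in chunks so large files are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify(path, size=PUBLISHED_SIZE, md5=PUBLISHED_MD5):
    """Return 'matches-published', 'size-mismatch' or 'hash-mismatch'."""
    if os.path.getsize(path) != size:
        return "size-mismatch"  # cheap check first, no hashing needed
    # MD5 is the only digest the statement gives; a match means the file is
    # consistent with the announcement, it is not a signature verification.
    return "matches-published" if md5_of(path) == md5.lower() else "hash-mismatch"


def scan(root, size=PUBLISHED_SIZE, md5=PUBLISHED_MD5):
    """Classify every file under root named PIFTS.EXE (case-insensitive)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() != PUBLISHED_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                results[path] = classify(path, size, md5)
            except OSError:
                results[path] = "unreadable"  # locked or permission denied
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in scan(root).items():
        print(verdict, path)
```

Any result other than `matches-published` for a file carrying this name is worth submitting to a scanner before it is run.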

c.m.g
11-03-2009, 12:02
meanwhile an article is already up on Wikipedia: :D

http://en.wikipedia.org/wiki/PIFTS.exe

.Kougaiji.
11-03-2009, 14:08
Oh well :3

epa
11-03-2009, 14:29
Crazy what happened :mbe: http://www.trackback.it/articolo/gli-hacker-approfittano-di-una-falla-di-symantec/9038/
After Symantec had recovered with Norton 2009 I didn't expect a blunder like this (like AVG's one, if I remember correctly)