Norton causes alarm and despondency
Yesterday, Tuesday 10 March, the net was alive with the sound of alarm messages about a mysterious file by the name of PIFTS.exe, which seemed to have something to do with Norton Internet Security and Norton Antivirus 2006 & 2007 from Symantec. At the same time, Symantec was also blocking messages to its forums. This caused a certain amount of insecurity, along with some hair-raising conspiracy theories, but Symantec is now saying it was all a misunderstanding due to a tiny error.
For a short while on Monday, Symantec was issuing Product Information Framework Troubleshooter (PIFTS) as a patch via LiveUpdate. This, it explains, is a tool that collects certain information about installed products and operating system versions and reports it back anonymously. It was intended to help determine how many customers would need to be migrated to newer versions. Due to a slip-up, it wasn't given a digital signature, so personal firewalls reported its activity and asked users whether it ought to be allowed.
This question naturally aroused disquiet and stimulated many messages to Symantec's support forums. Then along came a second clue suggesting the existence of a conspiracy; the messages were wiped without comment. As Symantec now retrospectively explains, it had both hands full trying to cope with a simultaneously launched spam attack. It seems that spammers had jumped aboard, creating hundreds of accounts and posting shoals of nonsensical contributions, some of them obscene. While deleting this garbage, Symantec's cleaning staff also expunged genuine customer enquiries. These two phenomena set off suspicions and conspiracy theories that spread like wildfire over the internet and even more so over Twitter.
Symantec's version is backed up by the serious warnings issued by the Internet Storm Center, about web sites that appeared high among the hits in response to Google searches for PIFTS.exe and, if opened, would attempt to install malicious software. Brian Krebs, who writes about technology and computer security for the Washington Post, says he sees parallels here with the practical jokes played by the underground community 4chan, also known as "anonymous". In a thread of its own, Symantec now, not only gives its version of the event, but also explains the activities of the file in question.