Bad Symantec update leads to trouble

Norton users were confused after Symantec sent out an unsigned program called PIFTS.exe to users Monday night.

Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe. "In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a forum post explaining the problem.

Users reported that Norton's own firewall software was popping up error messages asking them if they wanted to install the PIFTS.exe file. Norton's firewall would have let it pass, had it been digitally signed.

The update was available for about three hours and was pushed out to a small, "limited number" of Norton users, said Jeff Kyle, a group product manager of consumer products with Symantec.

PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base. The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. "If a user would have accepted it they should have been fine, and if they declined it they should have been fine."

However, the trouble was only just beginning.

Around 7:30 p.m. Pacific Time, Symantec noticed that its Norton support forums were being flooded with blank messages that had PIFTS.exe in their subject line. Within three hours there were 600 posts about PIFTS.exe. The posts contained no text, only subjects such as "IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?" and "OH GOD YOU GOT CHOCOLATE IN MY PIFTS."

Symantec began deleting the messages, assuming they were from spammers.

Soon the SANS Internet Storm Center had picked up on PIFTS.exe and noted that Symantec discussion-group messages were being deleted. Noting that messages mentioning the mysterious file name were being deleted from Symantec's support forums, SANS said that something "truly bizarre was going on."

By now, Norton users were becoming worried. "Norton Users Worried By PIFTS.exe, Stonewalling By Symantec," read a Slashdot post on the topic.

"Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about PIFTS.exe," wrote one poster to the Abovetopsecret.com Web site. "If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall."

Then the hackers stepped in. By midday Tuesday, criminals began posting malicious Web pages that would pop up high on Google searches for PIFTS.exe.

"With parts of the Internet flustering over the Symantec / PIFTS.exe debacle, hackers have set out to poison search engines in an attempt to cash in on unsuspecting computer users," wrote Graham Cluley, a senior technology consultant with security vendor Sophos. Cluley said that three of the top five Google results for a pifts.exe search led to pages that redirected users to malicious Web pages, which tried to install fake antivirus software on victims' systems.

Late Tuesday afternoon, these malicious results were still turning up high in Google searches for PIFTS.exe.

"Of course, the fake anti-virus scan is not related to Symantec or the PIFTS.exe file," Cluley added. "It's just that the hackers are using the interest surrounding that file at the moment to generate traffic to their dangerous Web sites."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags symantecnorton antivirus

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?