Tuesday, March 10, 2009

What is PIFTS.EXE?


So after a mysterious PIFTS.EXE program hits the Kaspersky firewall asking to connect out from one of our machines, I hit the Internet to find that nobody knows, but the world is wondering. According to Google Trends, it has been hovering between the 15th and 25th most frequent search for the last couple of hours. Various theories about PIFTS.EXE appear to be emerging: was it some component of Norton Antivirus that went wrong? Is it some mad terrorist plot to wipe the Internet off the face of the earth and thus prevent people from finding out about why Lil' Kim went to jail?

We sit with baited breath...


There is virtually no information on the internet yet regarding a mysterious program called PIFTS.exe, aside from what's posted on this blog. Symantec, makers of the bloated Norton Anti-Virus software, are deleting any mention of PIFTS.exe from their community forums.

The topic is being discussed at forums.zonealarm.org.

UPDATE (02:36 10 March 2009):
A google search for PIFTS.exe turns up a link to www.kanzlei.biz/uploads/tf/index.php?family-guy-season-7-episode-8/, a nefarious looking website that I suggest you not go to unless you know what you are doing. The site contains javascript which may be malicious. Here's a screen capture from one of the pages on that site.

UPDATE (03:56 10 March 2009): 
In our comments, thepipermethod says the kanzlei.biz website is just mirroring key words from google trends, which at this time includes the terms "PIFTS" and "EXE" and that the site has no other relation to PIFTS.exe.

At zonealarm.org, one person reports talking with various representatives of Symantec for two hours without receiving any answer as to why inquiries posted on the Symantec forums were being deleted. The caller was told that PIFTS.exe is part of Symantec's update installation process, was denied any further information regarding the purpose of the file and was repeatedly transferred to a new representative when asking why inquiries about PIFTS.exe were being deleted from Symantec's forums.

Sources:  

Read much more on the subject...

No comments:

Post a Comment