Symantec Has Problems and PIFTS.EXE is its Name UPDATE: Forum is TitsUp

A recent update to the Symantec Norton Antivirus has somehow embarrassed Symantec.  It included a file called PIFTS.EXE that attempted to send information to a Symantec stats server.

[ad code=2 align=center]

It came to everyone’s attention when their personal firewalls alerted to a Symantec file attempting to go outbound without permission.

A frightened and curious public went to Symantec’s community forum website for answers, and every time they asked what pifts.exe was the post got deleted with no response.  In some cases, the persons asking the questions were banned from the site.

Anonymous, the “internet hacking group,” which is famous for taking down Scientology sites, said, “Oh No they Din’t!”

Now as I write this, hilarity has ensued and Symantec’s community forum is being flooded with stupid questions about PIFTS.EXE.  One of my favorites, was “What what in the PIFTS.”

Stay tuned as I have captured the executable from a friend and will try to run the file (and risk being infected by some Big Yellow Virus!) and analyze the packets.

UPDATE 1: The forum is being inundated with requests or may even be experiencing floods from Anonymous. This is what I get half the time I try to refresh the forum:

Update 2: I don’t have the full bloatware version of Symantec AV on my system.  Running the pifts.exe file alone did nothing, and I was unable to generate a meaningful pcap of any activity.  Other sites are reporting that the file is rather innocuous in that it reports version numbers back to Symantec.  But that doesn’t explain the heavy-handed response Symantec exhibited by deleting posts from their forum.

In all, this demonstrates more erratic behavior from an erratic company that lacks any real leadership.