Something foul appears to be afoot.  The problem is, we don’t know if it’s a problem with Symantec or a hacking problem.

Apparently, someone sent out a message yesterday stating that they received a Norton Program Alert saying, “PIFTS is attempting to access the Internet.”

Upon further investigation, it was revealed that the file in question belonged to SwapDrive, which is a Symantec-owned company.

This user then posted questions about it on the Symantec forums, only to have his threads deleted and his account terminated.


I was following a thread here regarding an error message that many people got today and the thread was deleted. So here is a new thread.

I have an expired version of Norton Internet Security. Today I received a program alert which said:
PIFTS is attempting to access the Internet
Program: PIFTS.exe
Path: C:\ProgramData\Symantec\LiveUpdate\Downloads\Updt652
Date/Time: 3/9/2009 5:58 PM

This appears to be a Norton file of some sort. However, Norton does not offer any information about this file.

Here is what I gathered so far:
- If you block this file’s access to the internet then it might not be able to provide any updates to your Norton.
- It might be related to another company that Symantec recently acquired.

If Norton or Symantec or anyone else can provide any info that would be greatly appreciated!!

I clicked the submit button but immediately I got this error message:

We’re sorry, but you have been banned from using this site.

I suspected that they banned me because my password bashed Norton. So I created a new account called WhatsPIFTS and posted the same message again.

A few minutes later I reloaded my post and got this message:

The message you are trying to access has been deleted. Please update your bookmarks.

Shortly thereafter my new account was banned!

According to Google Trends, pifts.exe was the 23rd most commonly searched term yesterday.

PIFTS has since been identified. A comment points to this page, which explains that the “Product Information Framework Trouble Shooter” is “a diagnostic patch that we put out for the older products”. It was released without being properly signed by Symantec, and the unsigned executable is what prompted the firewall alert.

But what about the forum deletions and account terminations?

According to Symantec, a 4chan spammer got into the system.  Hmmmm, that’s almost too easy an explanation.

They say that their “policy” is not to delete.  Decide for yourselves.  Conspiracy or hacker?
