PIFTS.exe

From Encyclopedia Dramatica
Jump to navigation Jump to search
PIFTS Warning.gif
Watch out for this .exe, its presence on your computer could lead to FBI vans.
Even Boxxy loves Pifts.exe!
Pifts.exe attempts to open a connection to another pc TEH FBIZ.

PIFTS.exe is a recent Norton embedded "feature" which is logging all Google searches and cookies, then sending a report to several agencies, including not only Symantec but also Microsoft, a strange server in Africa and a government server in Washington D.C. PIFTS.exe is also known to give your computer AIDS and e-mail your grandmother crude photoshops of your head on top of a gay porno actor being fucked in the ass with a rake.

PIFTS.exe was first discovered by a user on /g/, who was subsequently told to make a thread on the Norton forums to find out just what the fuck was going on. After said post was made, it was deleted by the Norton moderators. It was also soon discovered that all Google references to the Pifts.exe had mysteriously vanished from the interwebs, and that this page is blocked from StumbleUpon.

A PIFT file? In MY temp folder?

Many Norton product users have been discovering a file called Norton_PIFTS 3-9-2009 19h29m27s.txt sitting in their computer's C:\temp folder.

PIFTS in my temp folder.jpg

Other PIFTS.exe criminal activity

Below is a list of things that PIFTS.exe is rumored to be responsible for:

PIFTS: Repercussions of Norton

Use scrollbar to see the full image

PFITSBanned.jpg

Anonymous waited. The firewall notice in front of him blinked and warned out of nowhere. There were trojans in the computer. He didn't see them, but had expected them now for years. His warnings to Norton users were not listened to and now it was too late. Far too late for now, anyway.

Anonymous was safeguarding for 5 years now. When he was young he watched the trojans and said to Norton "I want to help defend against viruses Norton." Norton said "No! You will DOWNLOAD OUR PROGRAM" There was a time when he believed them. Then as he got oldered he stopped. But now in the midst of Anons without UAC or firewalls he knew there would be trojans. "This is /b/" 4chan crackered. "You must fight the pifts!" So Anonymous got his raids and blew up the Norton forums.

"THEY ARE GOING TO KILL US!" said the Norton "I will enable magic_lantern at them" and he started gathering loli and shota information from Anon. Anon explodeded their vans at them and tried to blew Norton up. But then the website fell and they were not able to kill. "No! I must kill the pifts!" Anon shouted

The Digg said, "No, Anon. You are the pifts."

And then /b/ was a pifts.

Magic Lantern: the main target is YOU

Magic Lantern is keystroke logging software developed by the United States' Federal Bureau of Investigation.

Symantec, the makers of Norton AntiVirus and related products, is reportedly working with the FBI on ways to preclude their products from detecting Magic Lantern. Eric Chien, a top researcher at Symantec, emphasized the ability to detect "modified versions."

Also Mcafee are also going down the same route. However Sophos Have said they are not going to leave any backdoors.

In other words, the FBI is watching you masturbate, and they like it.

Norton's Statement

 
 
Hi everyone,


No doubt you've read the Official Statement about PIFTS.EXE and the reasons why many posts were removed from this forum. There was no "conspiracy" or "cover-up" - someone was spamming our forums, and we took action to remove these posts. As it increased over a few hours, many threads were removed, and several users were denied access to post in the forums. We were gathering information to distribute, and I'm sorry it took this long to post the info to everyone.

After reviewing some of the emails I've received, it appears that some posts were removed in error, as well as the access of some users. If you feel your access was removed in error, please contact me directly (my email address is listed on my user profile) and I will restore your access to the forums. I apologize for this inconvenience, and thank you for your patience while we deal with this difficult situation. Thank you also to the users who have helped us identify the malicious posts to this forum, it was a big help.

For the sake of keeping the PIFTS.EXE questions consolidated, please feel free to post all your questions/comments about PIFTS.EXE to this thread. Please do not post to a new thread, as we wish to keep all posts in one area. Before you post, please review our official statement for answers to your questions. Thanks again for your understanding with this difficult issue.

Tony Weiss
Norton Forums Administrator
Symantec Corporation
03-10-2009 12:54 PM
 


 

—tl;dr: HAHAHA DISREGARD THAT, I SUCK COCKS.

This is obviously a damn dirty lie, as the admins were almost instantly deleting all PIFTS.exe-related threads long before /b/, or even /x/ got word of it.

Possible IPs

67.134.208.160:80 &
207.46.248.249:80

Details on IP address 207.46.248.249:

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 207.46.0.0 - 207.46.255.255 CIDR: 207.46.0.0/16 NetName: MICROSOFT-GLOBAL-NET NetHandle: NET-207-46-0-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Assignment NameServer: NS1.MSFT.NET NameServer: NS5.MSFT.NET NameServer: NS2.MSFT.NET NameServer: NS3.MSFT.NET NameServer: NS4.MSFT.NET 67.134.208.160: IP address: 67.134.208.160 stats.norton.com ISP Qwest Communications Corporation Country: United States

From all this it would seem that Norton, the FBI, Google and Microsoft are all involved. tl;dr: HOLY SHIT WE'RE FUCKED GET YOUR TINFOIL HATS OUT NOW.

The program analyzed

anubis.iseclab.org

It clearly goes through and scrapes your history, temp files, cookies, etc, and it tries to contact a shady online storage place
they recently acquired. Let's do a lookup on swapdrive! 67.134.208.160:80 is where PIFTS.exe asks to connect to.

Domain Name: SWAPDRIVE.COM

Administrative Contact:
Wallace, Marc
Web Data Group, LC
PO BOX 7241
ARLINGTON, VA 22207-0241
US
703-352-1578

www.webdatagroup.com

Click on " Competitive intelligence." Interesting! They talk about military intelligence gathering right on the page. So this
"update" is scraping internet history and temp data and trying to contact a company who does online storage with shady ties to
intelligence gathering. If it is datamining, Americans need not be surprised, we had AT&T do it on our phones and some act as if
our computers are immune. Hey, let's look more into one of the owners of Swapdrive in the Web Data Group! There are more
interesting people than Marc Wallace.

"Roland Schumann is a former military intelligence officer, having served both on active duty and in the reserves. Trained in
unconventional warfare and electronic intelligence gathering, he also has practical experience in airborne operations, human
intelligence (HUMINT), counter-intelligence, and counter-terrorism. He has performed risk analyses in Latin America for the US
government and in the United States for commercial and government interests."

It is helped to be run by a former military intelligence officer. So there you have it, you have very shady actions by Symantec
regarding the whole thing making people suspicious by deleting any mention of it, they claim it is a simple update, and when we
dive into it, we find out it scrapes your internet history and temp files, interfaces with Google Desktop (G O E C 6 2 ~ 1 . D L L )
, and then where does it try to go? It tries to jump straight to Swapdrive (we know this because it asked permission to
go to 67.134.208.160:80, which is Swapdrive). Who owns swapdrive? The Web Data Group based out of Arlington (wow, the same place the
Pentagon is located, what a coincidence) who has a statement about using military intelligence information gathering right on their
website and who has owners with shady backgrounds as army intelligence officers, and when Symantec is asked about PIFTS.exe, it
immediately tries to cover it up and deletes everything related to it in a very suspicious fashion. Follow the trail, do some research, dig around.

Oh no folks, move along, certainly nothing interesting to see here!

Raid Info

In during shitstorm.

/b/ raided the Norton forums early in the morning on March 10, 2009, following the leak of info about the existence of PIFTS from /g/ to /x/ and eventually to /b/ itself.

Early in the raid, when the wonderful mods still gave a shit, the forums looked something like this. It quickly turned to shit, and lulz ensued all around.

The raid expanded to include trying to Digg the following articles to the front page; Digg (1) and Digg (2).

Most messages were cleaned up and a second shit storm raid has now began.

After loads of EPIC WIN Norton got butthurt and disabled the "New Thread" button.

Gallery

PIFTS.exe Gallery About missing Pics

See Also

External Links


Tf.org-Hackers-free.jpg

PIFTS.exe is part of a series on Security Faggots

1337 h4x0rz

Captain CrunchCult of the Dead CowDavid L. SmithGary McKinnonGOBBLESHD MooreJeff MossKevin MitnickLance M. HavokRobert MorrisTheo de RaadtweevWoz


Try-Hards

2cashAnonOpsBrian SalcedoFearnorFry GuyGadi Evrong00nsHack This SiteHacking TeamhannJoanna RutkowskaJohn FieldJoseph CampLizard SquadLulzSecMark ZuckerbergMarshviperXMasters of DeceptionMichael LynnKrashedRavenr000tRyanSteve Gibsonth3j35t3rThe RegimeSabuZeekill


Related Shit

AviraCiscogateCloudflareConfickerCyberDefenderDefconThe GibsonThe Great Em/b/assy Security Leak of 2007HeartbleedI GOT NORTON!Is Your Son a Computer Hacker?Operation SundevilPIFTS.exeSocial engineeringStylometrySubSevenZone-H

Softwarez series.jpg

PIFTS.exe is part of a series on

Softwarez

Visit the Softwarez Portal for complete coverage.

Featured article March 12, 2009
Preceded by
Is This Battletoads
PIFTS.exe Succeeded by
Louise Ogborn