Update 10/03/09 11:50am Luckily, it does appear that
PIFTS.EXE is just a storm in a teacup. Symantec still appear to be saying about as much as the Queen did after Diana died.
So after a mysterious PIFTS.EXE program hits the Kaspersky firewall asking to connect out from one of our machines, I hit the Internet to find that nobody knows, but the world is wondering. According to
Google Trends, it has been hovering between the 15th and 25th most frequent search for the last couple of hours. Various
theories about PIFTS.EXE appear to be emerging: was it some component of Norton Antivirus that went wrong? Is it some mad terrorist plot to wipe the Internet off the face of the earth and thus prevent people from finding out about why Lil' Kim went to jail?
Update 10/03/09 Reading things so far, and just possibly maybe having had a quick look at a disassembly of the exe in IDAPro, the consensus seems to be that the file is essentially harmless, but was an attempt by Symantec to gather some statistics from users' machines about installed antivirus components. A user posting to Reddit also suggests that a
code review of PIFTS.EXE does not reveal anything too nafarious, and that automated code analysers such as
ThreatExpert don't pull anything up either (then again, a "well written" virus wouldn't do, would it?).
Sometimes in cases like this, it's not so much whether there
is anything wrong but whether there
appears to be. Pulling down all forum posts about the file when there is clear user anxiety without then making an official statement doesn't making it look as though everything's hunky-dory...
