Sign up to our newsletter
PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal?
A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According to the rumour machine, PIFTS.EXE is a Symantec rootkit, a Magic Lantern-type backdoor introduced by the FBI or another law-enforcement agency, the subject of all sorts of other conspiracy theories, as "proven" by the reported removal of all posts relating to the file from Symantec’s own forums (and stories about Symantec’s cooperating with the FBI have circulated for years).
In fact, Symantec’s own statement indicates that the file is actually a diagnostic patch that was inadvertently released unsigned, causing their own firewall to pop up alert messages. Disconcerting for users who downloaded the file before it was removed, but not a real security risk. However, they were also obliged to cancel multiple forum spams that used the name of the PIFTS.EXE file as a "hook", giving rise to the rumours about censorship and suppression.
Even though the explanation has already been issued, I have a feeling that we could be looking at the birth an urban legend that will live on for years. In fact, it looks like being a good week for such ephemera.
The latest SANS Ouch newsletter describes a number of scams and hoaxes:
However, I’ve also received a couple of chain letters: one of them, a "missing child" semi-hoax, deserves a blog to itself.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET