PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal?

A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According to the rumour machine, PIFTS.EXE is a Symantec rootkit, a Magic Lantern-type backdoor introduced by the FBI or another law-enforcement agency, the subject of all sorts of other conspiracy theories, as "proven" by the reported removal of all posts relating to the file from Symantec’s own forums (and stories about Symantec’s cooperating with the FBI have circulated for years).

In fact, Symantec’s own statement indicates that the file is actually a diagnostic patch that was inadvertently released unsigned, causing their own firewall to pop up alert messages. Disconcerting for users who downloaded the file before it was removed, but not a real security risk. However, they were also obliged to cancel multiple forum spams that used the name of the PIFTS.EXE file as a "hook", giving rise to the rumours about censorship and suppression.

Even though the explanation has already been issued, I have a feeling that we could be looking at the birth an urban legend that will live on for years. In fact, it looks like being a good week for such ephemera.

The latest SANS Ouch newsletter describes a number of scams and hoaxes:

  • One is a classic phish that claims to be from the Federal Reserve Bank
  • One is an advance fee fraud purported to be from W. Ralph Basham, the Commissioner of U.S.Customs and Border Protection
  • One is a hoax that claims  that President Obama has authorized resettlement of Palestinians to the US
  • The fourth is a phishing scam that pretends to offer a cash reward for completing a survey on behalf of McDonalds.

However, I’ve also received a couple of chain letters: one of them, a "missing child" semi-hoax, deserves a blog to itself.

Director of Malware Intelligence

Author David Harley, ESET

  • mubix

    I by no means buy into the super root-kit routine, I do however think that there will be copy cats (if not already) that are passing themselves off as “OOPS, I’m just an unsigned update, sorry, just install me anyways and we’ll be gravy”.

    Hoax, scam, conspiracy theory lore, ya, already. But something not to warn your users about? Definitely not.

  • David Harley

    Interesting point. I think that deserves a blog to itself, just coming up.

Follow us

Copyright © 2016 ESET, All Rights Reserved.