Conspiracy theories run rampent due to PIFTS.EXE

Paul2 Replies

(Looks like some of this was a 4chan gag, check my other post about it)

All of the sudden people around the World are seeing PIFTS.EXE popping up. Norton Antivirus is asking users if they want to accept it. Here what I do know:

Here’s some information I pulled from my Zone Alarm Logs. Does this make sense to anyone?
[ad#cricket-right-ez]2009/03/09 18:26:44 — New Program — PIFTS.exe — Destination IP: 67.134.208.160:80 — outgoing — blocked — Destination: ping.lifecycle.norton.com

2009/03/09 18:47:52 — Program Access — PIFTS.exe — Destination IP: — outgoing — blocked — Destination:

2009/03/09 18:48:28 — Changed Program — Windows Explorer — 207.46.248.249.80 — outgoing — blocked — Destination: sa.windows.com
[Via The Symatec Forums]

This indicates that the program tried to change tactics to go out on the net.  I look a look for this and it is SwapDrive.  So this must be an update to Swapdrive but I am unsure as to why it pops up that way.  The other ip is in Africa or at least take the .80 out of the equation and it points to an Africa IP.  (It looks to my mistake in that little part, “to error is human” Check out this  post about it)  Although just recently Norton Decides to Delete that thread and people are really worried about why?  Is this a cover up of some sort because there is a exploit in the Wild that we don’t know about?  These are good questions that need to be answered.   Here is what one posted about this just after they deleted the forum thread:

Norton Coverup? Do you suppose

As you can see people are taking this deletion on the community forum thread very seriously, they know something is not right in Denmark.  I also want to point out this one:

Proof there was a thread

I don’t know what Norton is up to but this is making me uneasy.  If they are worried about something that they can’t explain or don’t want to explain then they have made a mistake.  Some users are really worried now because Norton isn’t saying anything at all.  I love this post:

A Conspiracy I see!!

As you can see people see this and are worried, I didn’t want these to be taken offline like the first post so I make physical copies to put on my blog.  I want to prove to people that these actually existed.  I would advise people to run Hijackthis to see if you can figure out where this is coming from.  I don’t know why they would hide the truth, it will bite them in the end.  Anyone want to comment on this, I am quiet curious??

*UPDATE 12:01 am 03/10/09*

Seems Norton Deleted all post about PIFTS.EXe so I don’t know what happened but This will have to come out in the open sooner or later.  I just hope it isn’t going to be to late.

Update 12:15am 03/10/09*

Seems people have decided to go to the Zonealarm forums to discuss this:

People are clearing wanting to know why?

You can visit there forums here.  I am getting more curious about this little situation and now tempted to stay up all night watching this!!

[ad#digg-right]I also found this forum thread from BuckeyePlanet.  I am seeing more and more people blogging about this.  So this must be something REALLY big.  Keep sending me comments if you find anything else.  Don’t forget to add me on Twitter.

This looks interesting:
[ad#cricket-1]

Even more interestingly now, after posting a single post asking about PIFTS.exe, which was deleted, and a subsequent post to another forum asking about the deleted posts, which got deleted, I’ve now been blocked from creating new posts or replies on the Norton forums. They really don’t want to talk about whatever this was.

And doubly interesting — or perhaps not, who knows — not sure if this is standard practice at Symantic or what, but opening the PIFTS.exe in a hex editor shows a large section of the end of the file consists only of “PADDINGXX” repeated over and over. I’ve got some background in programming and can’t think of a good reason why you would need padding like that on a legitimate executable. However, if an executable in an update has been compromised it may require padding such as that to match the original executable’s file size or something. But that’s just pointless conspiracy theorizing that likely has no basis. It would be nice though to hear from Norton about what the **bleep** this thing is.
[Via Zonealarm Forum]

I don’t know but I suspecting an update went wrong at least from all the indications I’m seeing.

I will say you have several options available to you:

  • You could get a Free Anti-virus Software

  • You could run without An Anti-virus (Not a great option, wouldn’t suggest it)

  • You could do nothing and wait. (My recommendation until I find out the the full story!!)

Please let’s not start a pandemic over this, I am however worried because Norton has yet to release any public information about this?  I will update as needed but please people let’s not go to OVERBOARD on this!!

Google Get’s rid of the Trend “PIFTS.EXE, no long there.  It was there last night.  Hmm even more questions and answers? (Click image to view it!!)

Proof it was there!!

On a side note, I do not have a
ccess to this file. I’ve had a friend who told me about this and I started to investigate it and as soon as I did that Norton started to kill the messages. That when I knew it was something big. That is why I blogged about it. I do not have the program. I just know that it is being searched really hard because I’ve had more people coming to my site than usual. So please don’t ask about samples, you can comment on this or ask questions. I provide this for the community to let them know!!

(Looks like some of this was a 4chan gag, check my other post about it)

Are you Email domains being blocked by Cricket?

Paul

So I got this Tweet from Mai_ling on twitter and she said:

mai_lingemail

So I did some digging around the net and found it is something that is a common practice for ISP’s to block PORT 25.   If you want to find out if Cricket is blocking your mail service you can easily follow these instructions to see if port 25 is actively being blocked.  So what are some options in fixing this little problem.

[ad#cricket-right-ez]Due to spammers exploiting port 25, ISP have been blocking port 25 for other domains but theirs.   You can receive email but not send email.  Most ISP’s have a way for you to have an Alternative Port that you can use and you should check with your email domain provider to see if you can send and receive on either a SSL or another Port.

You could set up your email client to receive on port 25 but send out on the SMTP server of Gmail.  This would be useful for people who want to send mail out but not have to change there email address.  People will still see it coming from whatevername@whatever.com.   You can tell Thunderbird to send out on the port and yet use your domain as your email address.

Another possible solution that may work for some is to sign up for Google Apps.  The downside of this is It cost 50$ a year but that is 4.20$ a month to be added on to your Cricket Modem charge.  This looks promising and has a 30 day trial so, if it works then you will know before you have to pay for anything.  This should be dealt with by Cricket, they should have a way for there customers to send and receive email without having to jump through hoops to send email and receive email.

Fake Emails about Windows Support spam!

Paul

According to Trend Micro, Some malicious software is being sent to unsuspecting users about Windows SP1 andSP2 having a error that could damage software or even hardware.  See Trends blog with the photos of the fake spam.

[ad#ad2-right]Although from time to time Microsoft does send out security information to Technet subscribers people have also used this in the past to get people to install Viruses and Malware, like this one that installs TSPY_BANKER.MCL. TSPY_BANKER.MCL monitors the affected user’s online transactions and steals banking related information

Microsoft sends e-mail messages to subscribers of our security communications when we release information about a security software update or security incident. Unfortunately, malicious individuals can and have sent fake security communications that appear to be from Microsoft.

[Via Microsoft]

So if you get an email from Microsoft you’ll probably want to delete it.  Any Microsoft communications will be sent from the Update center.  You should never install software that is from an untrusted website.    If you are concerned you should check the web and find out what people are saying about the situation and see if it is a scam or true!!  Remember only you can prevent a virus or Malware!

5 Steps in Finding the right Affiliates!

Paul

So you want to make Money with your blog but don’t know how? I thought I would share with you what I’ve learned in the past few months to earn enough money to pay for the space and web address. I’ll go through each step talking about steps:

First you will need to explore all the great Affiliate programs like OpenX, TMIWireless, AdsenseConverseon, and Commision Junction.   There is of course even more out on the Internet, but these are ones that I like and have given me some insight as to Commission and Affiliate marketing.  I have been using TMIWIRELESS and Converseon more and more.  I still have Adsense but you have to get a balance on Advertising and what people are wanting.

Find the right fit for you blog and talk about the products you like the most.  I like TmiWireless because you give out free phones and still get money in return and Converseon for recommending Cell Phones. You should figure out what does better, and always keep looking. There are more than a few out that will work for you better. If you know one that I should look into let me know.

[ad#ad2-right]Remind readers about the affiliate programs so others can find them and blog about them.  It can also help with people coming to your site because the will encourage other people to check out what you’ve written and your recommendations.  You should come up with ways to promote your affiliates and encourage users to click on them and buy stuff from them.   This has brought in money by having them searched and indexed by Google.  You should find a niche that you have very little competition in, that way you get most of the traffic in for your self.

Create a Sneeze page, although this sounds rude, it is really a page talking about having helpful topics around your products or have them for people to find even more information about your affiliates.  Just like I have a Malware Resource, and Cricket Resource, also Cricket Reviews.  These will make it much easier for people to find what they are looking for and make it more enjoyable for the reader.  It also encourages people to come back and stay a while.

Although this is overlooked it is sometimes necessary to remind your readers about affiliates and talk about a product in detail by asking them to comment on a articles and encourage them to link to you.  This will bring in even more people to look at your blog and your reviews to get your page views higher and get more people to click your affiliate links.

I’ve not followed these steps very well in the beginning of starting my blog but I have learned a lot since then.  I’ve also learned that you need to update your blog on a weekly or even daily to basis to keep readers to come back.  You should always keep searching for even better affiliates to make your blog better.  You can also start advertising your blog by yourself without the middle but that is of yet I’ve not done enough on.  I will in the future when I get more experience under my belt.  I hope this has helped you in some way.

How do you like your Cricket USB Modem?

Paul3 Replies

Lately I talked about the A600 USB 3G modem and Now I want to hear from the Readers?  You see I can’t do my best reviewing these with comments from the readers, that being you.

techlinkblog[AT]gmail.comClick the picture to send me email, just remember to replace “AT” with “@”.

So I want to hear what you think about either the USB UM100 Modem or the A600 USB 3g Modem?  Here a re a few things to answer when you write your email.

Something will go to the people who email me?  I want to publish some of these comments on my blog for all to read.  I want to hear if what I am publishing helps you?  I will even give your credit as  to who wrote it.  If you have a site or something you want to promote by all means add that to your testimonial.  Here’s the basic questions that should be talked about:

  • Which one did you buy? (Cricket USB A600 or Cricket USB UM100)

  • Did you Upgrade from the Cricket USB UM100 to the Cricket USB A600?

  • Are you using it for travel or Primary internet?

  • Is it for business or Pleasure?

  • Are you happy with your choice?

  • Do you recommend the Modem to friends and family?

  • Any Situation you can think of where this has been helpful?

I am going to be asking for comments from Cricket about this also and I will be publishing this later on this month but before I do that you will have your chance to tell the company what you think of their Broadband solution.  Please keep these comments family friendly, if you cuss and I publish it, be advised I will edit the cussing to be family friendly.