Trusting our security providers

Written by Dan Blacharski on March 12, 2009

The state of malware, and the prevalence of the spam and phishing attacks that spread it, have caused us to look over our virtual shoulders in paranoia. Being paranoid isn’t necessarily a bad thing in the security business, mind you, and the general philosophy of the IT security manager should always be, “Yes, they really are out to get you.” But this constant state of awareness may cause us to distrust even legitimate files when they appear out of nowhere.

Such is the strange case of the pifts.exe file, which thousands of users suddenly discovered on their computers without explanation, as was reported in the Washington Post’s “Security Fix” blog. Originally, the SANS Internet Storm Center had reported on the incident, stating that the file was related to a Symantec update, which Symantec confirms, so the file is legitimate. If you see it, you have not been the victim of a virus implantation; the purpose of the executable is to determine whether customers need to migrate to a newer version of the anti-virus software because of upgrading to Windows 7. The executable gathers the relevant information and “phones home” with the data.

What’s strange, though, is the number of people who thought it was a virus, and Symantec didn’t help matters on that front by deleting thousands of comments in the user forum about the issue. The confusion may have inadvertently fed the beast, though. The Post blog also notes that phishers have already created bogus web sites to take advantage of people searching for information about the file, directing them to sites that sell bogus antivirus software.
