The PIFTS.exe Conspiracy

Written by Brett Callow on March 11, 2009

On Monday, users of Norton Internet Security and Norton Antivirus started seeing firewall alerts warning them that an executable named PIFTS.exe was attempting to connect to stats.norton.com. Conspiracy theories immediately started to spread like wildfire. What exactly was PIFTS? Were Symantec surreptitiously monitoring their users? Or was this something much more sinister?

The discussion raged on sites such as Slashdot and on forums across the internet. Symantec fanned the flames when they started deleting, without explanation, questions about PIFTS that had been posted to their web forum. What did they have to hide? To make matters worse, users searching for information on PIFTS found that they were being directed to malicious websites. Brian Krebs of the Washington Post noted:

          Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them. Both results take you to sites that use Javascript attacks to try and foist rogue antivirus products (ah, the irony).

Symantec finally issued a statement which confirmed what had happened:

          Symantec released a diagnostic patch “PIFTS.exe” targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 – 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec “unsigned”, which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue.

Google Mistakenly Labels The Entire Internet As Malicious

Written by Sue Walsh on February 2, 2009

In an incident that Google officials are blaming on human error, every site on the Internet was, for a while, labeled as malicious. For about an hour on Saturday morning, every search result had the warning “This site may hurt your computer.” Users who clicked anyway were brought to a page blocking access and advising them to choose another site. According to the official Google blog, the error occurred during a routine update of the list Google uses to block malicious sites. Unfortunately the human doing the upload made a simple typo:

          Unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked in as a value to the file and ‘/’ expands to all URLs. Fortunately, our on-call site reliability team found the problem quickly and reverted the file. Since we push these updates in a staggered and rolling fashion, the errors began appearing between 6:27 a.m. and 6:40 a.m. and began disappearing between 7:10 and 7:25 a.m., so the duration of the problem for any particular user was approximately 40 minutes.

While Google fixed the problem quickly and issued a swift apology, it still has many people upset. Having your site labeled as malicious by Google can be very damaging!
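A pre-release check of the kind that catches an overbroad entry such as '/' before a blocklist update ships, as an added example (not Google's code). The "host/path-prefix" matching rule, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: known-good URLs that no blocklist entry may match.
CANARIES = [
    "http://example.com/",
    "http://example.org/docs/index.html",
    "http://example.net/search?q=test",
]

def matches(pattern: str, url: str) -> bool:
    """Assumed rule: pattern is 'host/path-prefix'; an empty host matches any host."""
    host, _, path = pattern.partition("/")
    parts = urlsplit(url)
    if host and parts.hostname != host.lower():
        return False
    return (parts.path or "/").startswith("/" + path)

def lint_update(patterns, canaries=CANARIES):
    """Return (pattern, reason) rejections; an empty list means the update may ship."""
    rejected = []
    for raw in patterns:
        p = raw.strip()
        host = p.partition("/")[0]
        if not p:
            rejected.append((raw, "empty entry"))
        elif "." not in host:
            # This is the '/' case: no hostname, so the entry covers every site.
            rejected.append((raw, "no hostname: would match every site"))
        else:
            hits = [u for u in canaries if matches(p, u)]
            if hits:
                rejected.append((raw, f"matches known-good URL {hits[0]}"))
    return rejected

if __name__ == "__main__":
    # Constructed update file: one valid entry, the '/' typo, one known-good host.
    update = ["badsite.test/malware/", "/", "example.org/"]
    for pattern, reason in lint_update(update):
        print(f"REJECT {pattern!r}: {reason}")
```

Running the canary comparison as a gate on every update means a single bad line blocks the release instead of reaching users during a staggered rollout.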