
Symantec says a buggy diagnostic program spurred a rash of Norton antivirus user complaints late Monday and Tuesday morning.

Problems started around 4:30 p.m. Pacific Time on Monday, when Norton Internet Security and Norton Antivirus 2006 and 2007 users started receiving error messages connected to a Symantec software update that tried to download a program called PIFTS.exe.

"In a case of human error, the patch was released by Symantec 'unsigned,' which caused the firewall user prompt for this file to access the Internet," wrote Symantec spokesman Dave Cole in a forum post explaining the problem.

Users reported that Norton's own firewall software was popping up error messages asking them if they wanted to install the PIFTS.exe file. Norton's firewall would have let it pass, had it been digitally signed.

The update was available for about three hours and was pushed out to a small, "limited number" of Norton users, said Jeff Kyle, a group product manager of consumer products with Symantec.

PIFTS (Product Information Framework Troubleshooter) is a diagnostic program that Symantec periodically sends out to users to anonymously collect information such as the operating system and version number of the product being used in order to get a snapshot of its user base.

The troublesome, unsigned PIFTS.exe file is no longer being distributed, but it never represented any kind of security threat, Kyle said. "If a user would have accepted it they should have been fine, and if they declined it they should have been fine."

However, the trouble was only just beginning.

Around 7:30 p.m. Pacific Time, Symantec noticed that its Norton support forums were being flooded with blank messages that had PIFTS.exe in their subject line. Within three hours there were 600 posts about PIFTS.exe. The posts contained no text, only subjects such as "IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?" and "OH GOD YOU GOT CHOCOLATE IN MY PIFTS."

Symantec suspected spammers

Symantec began deleting the messages, assuming they were from spammers.

Soon the SANS Internet Storm Center had picked up on PIFTS.exe. Noting that messages mentioning the mysterious file name were being deleted from Symantec's support forums, SANS said that something "truly bizarre was going on."

By now, Norton users were becoming worried. "Norton Users Worried By PIFTS.exe, Stonewalling By Symantec," read a Slashdot post on the topic.

"Whether you believe this is something malicious or not, it is worrying the lengths the company will go to stop people from asking questions about PIFTS.exe," wrote one poster to the Abovetopsecret.com Web site. "If you have Norton on your computer, I currently advise you to not allow pifts.exe through your firewall."

Then the hackers stepped in. By midday Tuesday, criminals began posting malicious Web pages that would pop up high on Google searches for PIFTS.exe.

"With parts of the Internet flustering over the Symantec / PIFTS.exe debacle, hackers have set out to poison search engines in an attempt to cash in on unsuspecting computer users," wrote Graham Cluley, a senior technology consultant with security vendor Sophos.

Cluley said that three of the top five Google results for a pifts.exe search led to pages that redirected users to malicious Web pages, which tried to install fake antivirus software on victims' systems.

Late Tuesday afternoon, these malicious results were still turning up high in Google searches for PIFTS.exe.

"Of course, the fake anti-virus scan is not related to Symantec or the PIFTS.exe file," Cluley added. "It's just that the hackers are using the interest surrounding that file at the moment to generate traffic to their dangerous Web sites."

Security Software Maker Protects Against Threats







Anton Zajac, president and chief executive officer of ESET, takes the saying, "the early bird catches the worm," quite seriously, catching worms, viruses, spyware, trojans, phishing and other Internet menaces before they know what hit 'em. ESET stands for Essential Security Against Evolving Threats, and the security software firm behind the name opened its U.S. headquarters in San Diego in 1999.

In 2007, the company moved into a 25,000-square-foot office in Little Italy [in San Diego].

The number of local employees also grew, from 43 in 2006 to almost 100 in 2008.

ESET's NOD32 Antivirus -- its flagship product -- Smart Security, and Mobile Antivirus, stay ahead of the curve thanks to "heuristics," a system of detecting threats on the horizon.

"ESET has been a pioneer of a proactive detection which is not based on a previous knowledge of the files, but rather, it's based on how it behaves, either via e-mail or Web site browsing or any other vectors of attack," said Zajac.

The industry's biggest shift, according to Zajac, is that malware used to be created by programmers seeking fame; now it is created by organized crime groups.

He says there are more and more targeted attacks on specific companies in which hackers and malware writers use profiling and social engineering tactics to gain access to employee computers.

While malware continues to change and grow -- Zajac says his team comes across 100,000 unique examples of malicious code daily -- ESET and its competitors are gaining ground for their customers.

Doubled Revenues

ESET more than doubled its revenue to $33.8 million in 2006 from $14.5 million in 2005, and jumped to $62.6 million in 2007. And even in a sluggish economy, antivirus software sales haven't slowed.

"It's a multi-billion-dollar business," says Zajac. "Based on (industry research) reports, it's growing 12 percent on an annual basis and will be growing steadily until 2012."

Zajac believes ESET Smart Security, introduced in October 2007, was a big contributor to last year's revenue growth, representing 25 percent to 30 percent of 2008's estimated revenue of $120 million.

Smart Security combines antivirus protection with anti-spam and firewall features.

Also new to the lineup, ESET Mobile Antivirus, is anti-malware specifically created for mobile devices such as smart phones.

The commercial version was released last fall.

"I expect this to be an extremely fast-growing segment of our product line, since it reflects the transient in the industry in the way our clients use technology," said Zajac.

ESET LLC is a spinoff of ESET, an accounting software firm launched in Slovakia 17 years ago. The company has labs in Slovakia, England, Argentina and the Czech Republic and recently opened a lab in Poland. Around 40 percent of revenue comes from the United States.

Largest Client Renewal

ESET was just renewed by its largest client, the Ontario Ministry of Education. In 2007, the agency selected NOD32 to protect 350,000 machines, says Zajac, which has been increased to 400,000 networked computers.

The firm's clients include big companies such as Dell Computer Corp. and Microsoft Corp., but also governments, small to medium-sized businesses, educational institutions, Internet service providers and home users.

In 2008, ESET was listed as No. 11 on the Business Journal's list of the county's 100 Fastest-Growing Private Companies.

"I believe the biggest success we have accomplished is that we stayed focused, which allowed us to sustain the growth of the company," said Zajac. "We look at long-term investments, not short-term gain."
By (MR.KAKAR)
