Cybercriminals have been exploiting an unsigned message asking users whether they trust a file download for a diagnostic patch called PIFTS.exe from Symantec for Norton Anti-virus.

The file was distributed without a signature for three hours on Monday to users running Norton's 2006 and 2007 versions. When users began posting blogs questioning the file’s legitimacy, cybercriminals caught on and began poisoning results so that malware sites would turn up higher in search results for PIFTS.exe.
Security experts said normally patches such as this would be signed by Symantec, but a human error resulted in the unsigned patch being released Monday.

The legitimate file sent out to Norton subscribers is used to collect information for Symantec, to find out if users’ subscriptions are up-to-date and what version they are using.

When the patch asked to be installed, the firewall asked users if they trusted the file, raising the alarm for users and setting off the scramble for information about the file. That resulted in cybercriminals trying to take advantage of the situation.

Original Article.

Our comment: Software developers need to get smart about providing all updates as DIGITALLY SIGNED software applications. However, consumers need to start understanding that security comes at a cost - these security measures are easily overlooked by customers - they need to understand what signed applications mean - and how to verify them.

This entry was posted by Greg Hewitt-Long on Thursday, March 12. 2009 at 12:03. and is filed under Adware, Spyware and Trojans.