Possible Cyber-False Flag?


sabre1
10-03-2009, 08:46 PM
I dunno about this but I'm seeing similarities on these threads. Just take a good read of these...

Michelle Obama's Diablo sign (Infowars)
http://www.infowars.com/michelle-obama-flashes-%e2%80%98el-diablo%e2%80%99-hand-signal-on-cover-of-vogue/

Cyber-Attack? (Prisonplanet Forum)
http://forum.prisonplanet.com/index.php?topic=91406.40

Norton AV and PIFTS.EXE (AboveTopSecret)
http://www.abovetopsecret.com/forum/thread444230/pg1

Just posted to make a good debate/discussion or something.

smariot
10-03-2009, 09:53 PM
Weird. They're really shooting themselves in the foot.

Hopefully unrelated, my search for information brought me to this (http://en.wikipedia.org/wiki/Magic_Lantern_(software)).

sabre1
11-03-2009, 01:15 AM
Ok, I've been reading around about pifts.exe and this is what has happened so far...

Monday, March 9, 2009, pifts.exe tried to gain access, but was blocked automatically. 5 hours or so later, users of Norton products and /g/ (technology board on 4chan) reported that the program was asking for a manual confirmation to execute. Most users declined and began to search Google for info. Google had no info. With no info, they began to post calm, civil, and intelligent posts on the Norton forums. The posts were met with deletions or the users were banned with no explanation. /g/'s "night shift" worked diligently through the night to tackle the problem.

This morning, AboveTopSecret and ZoneAlarm forums had refugees looking for answers. Despite looking to Google and Yahoo! for answers, people received the same fate as on Norton forums. Ebaum's World was mentioned but heard little of except during the forum raid by /b/. By noon, /b/ (random board on 4chan) began to amass the /b/army to raid Norton forums out of either frustration of Norton's censorship or wanting "lulz".

While the battle raged in the Norton forums between /b/ and the Mods, /g/, AboveTopSecret, Digg, Twitter, and other independents began to deconstruct pifts.exe with Anubis and came to get this.

"Analysis Report for PIFTS.exe
MD5: 91b564d825a3487ae5b5fafe57260810

Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World
Wide Web.

- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.

- Performs Registry Activities:
The executable reads and modifies registry values. It also creates and
monitors registry keys. "

The file allegedly takes data and sends it away, but where does it go? Four IP addresses? One to Norton, one to Microsoft, one to Africa, and one to Washington D.C. Swapdrive is named on ATS, however I'm unsure about 4chan. More was uncovered. Qwest.

What is Qwest?
"From the Qwest website...

"Qwest knows federal IT is mission critical. Which is why we're committed to keeping you up and running, no matter what it takes. We've built networks for agencies across the U.S. government, from the Department of Defense to Energy to Treasury."

here, but Wiki says...

"Qwest was allegedly the lone holdout, despite threats from the NSA that their refusal to cooperate may jeopardize future government contracts""

The government may be involved.

One user of ATS said this:
"I got rid of Norton off of all of my comps a couple years ago. I only used to use them till I found out how much they were slowing down my computers. It has been known in the underground that Norton already writes their own viruses and spreads them so people will sign up for their service. I'm nearly 100% positive they do work hand in hand with the Federal Government on issues so this being some sort of spy software or tracking software would not surprise me at all."

Currently, /g/, ATS, and other forums interested are looking more into this.

The war between /b/ and the Norton forum Mods has quieted down but that was due to an "unexpected" forum maintenance.

Norton released this statement:
" Hi everyone,

Symantec released a diagnostic patch "PIFTS.exe" targeting Norton Internet Security and Norton Antivirus 2006 & 2007 users on March 9, 2009. This patch was released for approximately 3 hours (4:30 - 7:40 PM March 9, 2009 Pacific Time). In a case of human error, the patch was released by Symantec "unsigned", which caused the firewall user prompt for this file to access the Internet. The firewall alert for the patch caused understandable concern for users and began to be reported back to Symantec. Releasing a patch unsigned is an extremely rare occurrence that does not pose any security issues to our users. The patch reached a limited number of Norton customers and has subsequently been pulled from further distribution. Norton users are fully protected and do not need to take any action as a result of this issue.

There has been activity in the Norton User Forum related to PIFTS.exe which has generated additional concern and media speculation. At approximately 10:30pmET Monday March 9, Symantec detected that our User Forum boards were being abused by an individual or individuals. One individual created a new user account and posted about the name of the patch executable, PIFTS.exe. Within minutes, several dozen user accounts were created commenting on the initial thread, and/or creating new threads on the topic. Over the next few hours, over 200 user accounts were created. Within the first hour there were 600 new posts on this subject alone. While the intent of the spammer(s) remains unclear, there were no malicious links and it simply resulted in a widespread communications challenge for Symantec. Below are some examples of the forum spam we received from these new user accounts. These forum posts contained no text in the body of the message, simply a subject:

O LAWD IM CHOKIN ON PIFTS PLZ HALP
OH GOD YOU GOT CHOCOLATE IN MY PIFTS
If you wanna be my NORTON/ you gotta deal with my P ! F T S . E X E
IF PIFTS.EXE WAS HERE, THEN WHO WAS PHONE?
PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE PIFTS.EXE
I LOVE MY PIFTS.EXE

Symantec strictly adheres to its Norton Community Terms of Service and does not delete postings unless they are in violation of these guidelines. Upon determining that our User Forums were being abused, Symantec began removing the spam posts.

Finally, it has also been reported by the Washington Post that hackers are taking advantage of this situation. "Some of the top searches (currently the 3rd and 4th result in a Google search) are Web sites that try to install malicious software when you visit them." When searching for information on "pifts.exe," Symantec strongly advises all users to be wary of following links to unknown sites as malicious users are attempting to use this hot topic to distribute malware.

Message Edited by davecole on 03-10-2009 12:45 PM"

If anyone else knows about this, feel free to contribute.
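
Added example, not part of the posts above and not Symantec's code: the statement quoted in the thread attributes the firewall prompt to the patch being released "unsigned", and one thing a reader can check on any Windows executable is whether it carries an embedded Authenticode certificate table at all. The function names and the constructed sample header below are assumptions made for illustration.

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)

def embedded_signature_info(data: bytes):
    """Return (file_offset, size) of the certificate table, or None if absent."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    try:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
        opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt_off)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs_off = opt_off + (96 if magic == 0x10B else 112)  # PE32 / PE32+
        (num_dirs,) = struct.unpack_from("<I", data, dirs_off - 4)
        entry_off = dirs_off + 8 * SECURITY_DIR
        if num_dirs <= SECURITY_DIR or entry_off + 8 > opt_off + opt_size:
            return None  # header has no slot for a certificate table
        offset, size = struct.unpack_from("<II", data, entry_off)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if offset == 0 or size == 0:
        return None  # no embedded signature
    if offset + size > len(data):
        raise ValueError("certificate table points outside the file")
    return offset, size

def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header for the demo; it is not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    image = bytearray(bytes(dos) + b"PE\0\0" + coff + bytes(opt))
    if signed:
        blob = b"\0" * 16  # placeholder bytes standing in for a WIN_CERTIFICATE
        struct.pack_into("<II", image, 0x40 + 24 + 96 + 32, len(image), len(blob))
        image += blob
    return bytes(image)

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, embedded_signature_info(build_sample_pe(flag)))
```

A non-empty certificate table only shows that a signature is attached; it says nothing about whether the signature validates or who the signer is, and a file with no embedded table can still be covered by a catalog signature.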