Cybercriminals have jumped on the Symantec PIFTS.exe bandwagon with search engines picking up malicious sites.


Graham Cluley, senior technology consultant at Sophos, claimed that he has seen evidence that websites containing malware are showing up in search engine results when people hunt for more information about PIFTS.


Cluley said: “Sophos is already picking up some of these sites as Mal/BadRef-A, and preventing users from accessing them. The Mal/BadRef-A script redirects to another malicious script, which then itself redirects to a page detected as Mal/FakeAvJs-A.

“That page leads to a fake anti-virus scan designed to frighten computer users out of their hard-earned cash.


“It's ironic that a scare about a file in an anti-virus program is leading users to search and visit a page where they will be scammed by a fake anti-virus program. Of course, the fake anti-virus scan is not related to Symantec or the PIFTS.exe file – it's just that the hackers are using the interest surrounding that file at the moment to generate traffic to their dangerous websites.”


Symantec strongly advised all users to be wary of following links to unknown sites, as malicious users are attempting to use this hot topic to distribute malware.


David Harley, director of malware intelligence at ESET, said: “It's perfectly true that the bad guys are very adept at misusing and misrepresenting a security concept so that they can use it as an attack. On the other hand, it's not unknown for fake patches to be sent out with a fake digital signature.


“However, what we're discussing here is two different issues. Fake patches are sent out using common and easily misused transport mechanisms like email attachments or forged, malicious links. In such a case, a fake signature, where used, is usually just a dummy. It's there to fool the human being who receives the lure (social engineering), not the software.”