Symantec warns pcAnywhere users of remote software code hack

Security firm Symantec is advising customers of its pcAnywhere remote desktop software to deactivate it after individuals from the Anonymous hacker group allegedly stole the software's source code.

While the actual theft took place in 2006, Symantec alerted customers only this week, after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code on Jan. 13.



Symantec is advising users not to activate the tool until a comprehensive fix is released. The company has already released a pcAnywhere Hot Fix, which takes care of a handful of issues that hackers could theoretically exploit with the stolen code. However, Symantec stated that this one fix will not patch all the issues related to the now-vulnerable encryption protocol in the software.

"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," wrote Christine Ewing, a Symantec groups project manager, in a blog post. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks, which can reveal authentication and session information."

Speaking on the severity of this security breach, Alex Horan, product manager at Core Security, said that due to the nature of the pcAnywhere software, hackers that successfully exploit the code will have unrestricted access to a user's entire computer. "The goal of pcAnywhere is to allow a person to access and control another machine over the network/Internet," Ewing wrote, in a blog post. "If an attacker can determine a method by which they can take unauthorized and unauthenticated control of these machines they bypass all defensive layers, it is as though they walked into your building and sat down at your computer and simply started working."

Along with the source code for pcAnywhere, information for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack was also taken in an apparent cyber theft. However, unlike pcAnywhere, which still uses code similar to that stolen in 2006, the other products have gone through major overhauls since the builds from six years ago.

For enterprise users, Symantec is recommending blocking ports associated with the remote client: "Customers should block pcAnywhere assigned ports (5631, 5632) on Internet facing network connections, or shut off port forwarding of these ports," wrote Symantec, in a white paper. "Blocking these ports will help ensure that an outside entity will not have access to pcAnywhere through these ports, and will help ensure that the use of pcAnywhere remains within the confines of the corporate network."

A timetable for the release of a comprehensive fix was not given.

Reader Comments

Fri, Jan 27, 2012

Netop is offering free access to their secure Remote Control software for the next month to any pcAnywhere users affected by this breach. Learn more here: http://www.netop.com/products/administration/remote/security/pcanywhere.htm
