pcAnywhere Compromised: Disable Immediately!

"It was the machines, Sarah."


On January 4, Anonymous tweeted that an Indian hacker group had posted Symantec source code to Pastebin.

In response to this warning, Symantec has issued a security white paper (pdf) recommending that all users of pcAnywhere disable the software until further notice.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006. We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

pcAnywhere is a Norton product that allows for direct PC to PC communication. If the stolen source code is actually released, the damage to networks that use pcAnywhere could be considerable.

More detailed information from the white paper:

Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product. pcAnywhere is also bundled in three Symantec products, Altiris Client Management Suite and Altiris IT Management Suite versions 7.0 or later, and Altiris Deployment Solution with Remote v7.1. In addition, customers with earlier versions of Altiris suites may have opted to leverage pcAnywhere. The increased risk is isolated to the pcAnywhere components only. There are no known impacts to the rest of the components in the Altiris products or the pcAnywhere Solution component that provides integration between pcAnywhere and the Symantec Management Console. Customers should validate the remote control tools currently in use.

There are also secondary risks associated with this situation. If the malicious user obtains the cryptographic key they have the capability to launch unauthorized remote control sessions. This in turn allows them access to systems and sensitive data. If the cryptographic key itself is using Active Directory credentials, it is also possible for them to perpetrate other malicious activities on the network.

In an internal pcAnywhere environment, if a network sniffer was in place on a customer’s internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded. This implies that a customer either has a malicious insider who planted the network sniffer or has an unknown Botnet operating in their environment. As always, security best practices are encouraged to mitigate this risk.

Since pcAnywhere exchanges user login credentials, the risk exists that a network sniffer or Botnet could intercept this exchange of information but even then it would be a difficult task to actually interpret the data even if the pcAnywhere source code is actually released. For environments with remote users, this credential exchange introduces an additional level of exposure to external attacks.

  • http://www.wedgeim.com web design

    Anyone still using any Norton products deserves to be hacked. Norton is a resource pig bloatware piece of crap.

  • http://www.LAokay.com Steven G

    To be honest I don’t see the point in using pcAnywhere at all when you can simply use remote desktop.

  • http://twitter.com/#!/youranonnews A

    And that’s what you get for using crapware. If you want remote access, use remote assistance, remote desktop, or a secure VPN, not Norton bloatware.

  • Bart

    Since source code has so much importance once released, does this mean that there was some sort of built-in back door that is going to be exposed to everyone, not just to Norton/Symantec and the so-called authorities?
    If so I would strongly discourage everybody from using this software at all, perhaps even stop using all this company’s software from ‘the land of freedom’.
