Yesterday Symantec surprised many of us with an announcement to disable its’ pcAnywhere software. It seems the irrelevant source code that was stolen in 2006 wasn’t so irrelevant to hackers. Now the anti-virus software you use to protect yourself from threats is what hackers are using to attack you.
In 2006 hackers stole the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks and pcAnywhere. Earlier this month hackers threatened to release the source code. The threat was toothless since Symantec assured users that updates to their code since 2007 would dissolve any risks to attacks. It seems that was true for everything except pcAnywhere.
Cyber criminals who have access to the stolen source code—whether it’s current or not—are still able to study it. They can learn how the encryption or encoding works, even find holes that were overlooked in recent updates. Once holes are identified, new exploits can be built for new attacks. That’s exactly what hackers have done.
Symantec’s pcAnywhere software lets people connect their PCs to other PCs remotely. The security hole was in the encryption/encoding methods used to secure the communications between PCs. Hackers learned they could intercept and use the signal for attacks.
In a statement, Symantec reported “all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk” and recommended “disabling the product until we release a final set of software updates that resolve currently known vulnerability risks.”
Since then a hotfix has been issued for pcAnywhere 12.5 with more patches on the way for versions 12.0 or 12.1. Symantec also recommends to those with earlier versions to upgrade to 12.5 first, apply patches when they are issued and then “follow general security best practices” (which of course you’re all doing all of the time anyways, right?)