X

Symantec tells customers to disable PCAnywhere

PCAnywhere customers should turn the remote connection software off until Symantec issues software to protect against potential attacks resulting from stolen source code.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Symantec is urging customers to disable PCAnywhere until it issues a software update to protect them against attacks that could result from the theft of the product's source code.

Someone broke into Symantec's network in 2006 and stole source code for PCAnywhere, which allows customers to remotely connect to other computers, as well as Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks, the company said last week. Earlier this month, hackers in India affiliated with the Anonymous online activist group said they had gotten the code off servers run by Indian military intelligence.

Hackers have threatened to use the pilfered code to attack companies using it and then release the code publicly. The affected products have been updated since 2007 so there is no risk to customers, except for PCAnywhere, Symantec said.

"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," the company said in a white paper (PDF) offering security recommendations for PCAnywhere customers released this week. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the paper said. Customers who rely on it for business critical purposes should install version 12.5 and apply relevant patches.

PCAnywhere 12.0, 12.1, and 12.5 customers are at increased risk, as well as customers with prior, unsupported versions of the product, according to Symantec.

"There are also secondary risks associated with this situation. If the malicious user obtains the cryptographic key they have the capability to launch unauthorized remote control sessions. This in turn allows them access to systems and sensitive data," the white paper warns. "If the cryptographic key itself is using Active Directory credentials, it is also possible for them to perpetrate other malicious activities on the network."

Update 3:31 p.m. PT: Separately, Symantec released a hotfix for several critical vulnerabilities in PCAnywhere on Tuesday, but said it did not know of any publicly available exploits.