Symantec Urges Customers to Disable Compromised Software
CREDIT: Symantec Corporation
Anti-virus giant Symantec is warning customers to immediately disable their pcAnywhere software, as it leaves PCs on which it is installed especially vulnerable to being hacked. It's the company's first major acknowledgment of repercussions stemming from the 2006 theft of its anti-virus source code.
Attackers with access to the pcAnywhere source code "have an increased ability to identify vulnerabilities and build new exploits," Symantec said in its advisory. Customers running the software, which enables them to access remote PCs, face increased risks of man-in-the-middle attacks, which can expose authentication credentials and data from sessions.
Symantec's warning comes on the heels of the revelation earlier this month that a group of hackers, possibly from India or China, stole the source code for the 2006-era versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere.
A malicious party with access to pcAnywhere's source code, Symantec said, can also exploit this advantage to obtain a user's cryptographic key and start unauthorized remote control sessions. "This in turn allows them access to systems and sensitive data."
The problems continue for Symantec: "In an internal pcAnywhere environment, if a network sniffer was in place on a customer's internal network and the attacker had access to the encryption details, the pcAnywhere traffic could be intercepted and decoded," the company said.
Symantec recommends customers disable pcAnywhere software until the company releases software updates that address the vulnerabilities. Its other software products are not at risk, Symantec said on its website, because the stolen source code is old, and "current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident."