Pages

Thursday, February 9, 2012

Symantec Source Code Published to Web After Hacker Negotiations Fail

Symantec confirmed that its pcAnywhere source code has been published to The Pirate Bay and possibly other channels, although it reiterated that recent patches should protect customers.
A BitTorrent file advertising itself as "Symantec's pcAnywhere Leaked Source Code" appeared on The Pirate Bay Web site Tuesday morning, uploaded by a user named "stun". An image of the "AntiSec" subset of the Anonymous hacker group appeared alongside.
Yamatough, a hacker to whom Symantec offered $50,000 to prevent publication of the code, also said that the "NAV" (Norton Antivirus) source code would be published soon. At press time, that code had not appeared.
"Symantec can confirm that the pcAnywhere source code that has been posted is legitimate," a Symantec representative confirmed in an email on Tuesday. "It is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to have been in possession during the last few weeks."
"We were prepared for the code to be posted at some point, and have developed and distributed a series of patches since Jan. 23rd to protect our users against known vulnerabilities," the Symantec representative added. "We have been conducting direct outreach to our customers since Jan. 23rd to reiterate that in addition to applying all relevant patches that have been released, customers should also ensure that pcAnywhere version 12.5 is installed, and follow general security best practices."
Other published torrents from "Stun" on The Pirate Bay include the "Cablegate" list of leaked diplomatic cables, databases of an alleged pro-Nazi Web site, and confidential documents and images of actress Julianne Hough, among others.
On Jan. 26, Symantec advised users to disable pcAnywhere following the disclosure of a 2006 attack on Symantec, where source code used in its older enterprise antivirus products was stolen. Hacker group the Lords of Dharmaraja of India threatened to publish the code online. Although the code dated back to 1999, security expert Alex Horan of CORE Security Technologies said there was still potential for harm.
After patching versions 12.0, 12.1, and 12.5 of pcAnywhere, however, Symantec gave the green light to users to begin using it again.
Yamatough, one of the members of the Lords of Dharmaraja group, also promised to release the source code to the 2006 versions of Norton Antivirus Corporate Edition. (Other code involved in the 2006 attack included Norton Internet Security and Norton SystemWorks, including Norton Utilities and Norton GoBack.)
Again, however, Symantec downplayed the significance of the leak.
"To be correct, the code is for Norton Antivirus Corporate Edition, i.e., what used to be used by enterprises," the Symantec representative said.
"As it is, customers face no security threats if the code is posted. It's a product that is no longer available, supported, or sold," the representative added. "The code is so old that even if there were attempts to generate a cyber attack, it would take on the characteristics of a 2006 attack. The age of the code inherently limits what can be done with it. It is, essentially, worthless code. At this point, Anonymous would be releasing it for PR purposes and that's it."
"If customers are using a current version of our products, they will be protected," the Symantec representative concluded.

No comments:

Post a Comment