Symantec releases ‘hotfix’ for Anonymous hack

Symantec has released a “hotfix” for customers affected by an Anonymous hack that targeted its pcAnywhere software. The fix comes after the security company released a statement confirming that the Anonymous hacktivist group had gained access to its source code, which was a “result of a theft of source code that occurred in 2006”.

The source code theft affected PCAnyWhere — a tool that allows customers to remotely connect to other computers –, as well as Norton Antivirus Corporate Edition, Norton Internet Security and Norton SystemWorks.

Earlier this month, Cnet reported that hackers in India, who claimed to be affiliated with Anonymous, said they got the code off servers run by Indian military intelligence.

The group threatened to use the stolen code on companies that use it and then release the code publicly, but Symantec said there was no real risk, as the affected products had been updated since 2007, except for pcAnywhere.

“Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits,” said the company in a white paper with security recommendations for pcAnywhere customers. “Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information. At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks.”

pcAnyWhere versions affected include PCAnywhere 12.0, 12.1 and 12.5 and the company says it will continue to issue patches for these versions “until a new version of pcAnywhere that addresses all currently known vulnerabilities is released.”