Symantec Advises Disabling Remote PC Software After Code Theft

Security firm Symantec is advising customers of its pcAnywhere product to deactivate the remote desktop software after individuals from the Anonymous hacker group allegedly stole the software's source code.

While the actual theft took place in 2006, Symantec moved to alert customers only this week, after an Anonymous-connected hacker located in India tweeted the release of the Norton Utilities source code on Jan. 13.

Symantec is advising users not to activate the tool until a comprehensive fix is released. The company has already released a pcAnywhere Hot Fix, which takes care of a handful of issues that hackers could theoretically exploit with the stolen code. However, Symantec stated that this one fix will not patch all the issues related to the now-vulnerable encryption protocol in the software.

"Malicious users with access to the source code have an increased ability to identify vulnerabilities and build new exploits," wrote Christine Ewing, a Symantec groups project manager, in a blog post. "Additionally, customers that are not following general security best practices are susceptible to man-in-the-middle attacks which can reveal authentication and session information."

Speaking on the severity of this security breach, Alex Horan, product manager at Core Security, said that due to the nature of the pcAnywhere software, hackers that successfully exploit the code will have unrestricted access to a user's entire computer. "The goal of pcAnywhere is to allow a person to access and control another machine over the network/Internet," Ewing wrote, in a blog post. "If an attacker can determine a method by which they can take unauthorized and unauthenticated control of these machines they bypass all defensive layers, it is as though they walked into your building and sat down at your computer and simply started working."

Along with the source code for pcAnywhere, information for Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities and Norton GoBack was also taken in the apparent cyber theft. However, unlike pcAnywhere, which still uses code similar to what was stolen in 2006, the other products have gone through major overhauls since the builds from six years ago.

For enterprise users, Symantec is recommending blocking ports associated with the remote client: "Customers should block pcAnywhere assigned ports (5631, 5632) on Internet facing network connections, or shut off port forwarding of these ports," wrote Symantec, in a white paper. "Blocking these ports will help ensure that an outside entity will not have access to pcAnywhere through these ports, and will help ensure that the use of pcAnywhere remains within the confines of the corporate network."
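One way to check a Linux gateway for the exposure Symantec describes, as an added example that is not from the article or from Symantec: it scans `iptables-save` output for rules that accept or forward ports 5631/5632 on the Internet-facing interface. The ruleset, addresses and interface names are constructed, and `expand_ports` and `exposed_rules` are hypothetical helper names.

```python
PCANYWHERE_PORTS = {5631, 5632}  # the ports named in the Symantec white paper quote
OPEN_TARGETS = {"ACCEPT", "DNAT", "REDIRECT"}  # targets that let traffic in or forward it

# Constructed iptables-save excerpt for a hypothetical gateway (not from the article).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5631 -j DNAT --to-destination 10.0.0.25:5631
-A PREROUTING -i eth0 -p udp -m udp --dport 5632 -j DNAT --to-destination 10.0.0.25:5632
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.0.10:443
COMMIT
*filter
-A INPUT -i eth0 -p tcp -m multiport --dports 22,5630:5632 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 5631 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 5631 -j DROP
COMMIT
"""

def expand_ports(spec):
    """Expand an iptables port spec such as '22,5630:5632' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def exposed_rules(ruleset, wan_iface):
    """Return (ports, proto, target, rule) for rules opening pcAnywhere ports on wan_iface."""
    # Simplification: negated matches ('!') and user-defined chains are not followed.
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tokens = line.split()
        opts = dict(zip(tokens, tokens[1:]))  # each option mapped to the token after it
        spec = opts.get("--dport") or opts.get("--dports")
        # A rule with no -i applies to every interface, so it counts as Internet-facing.
        if opts.get("-i") not in (None, wan_iface) or opts.get("-j") not in OPEN_TARGETS or not spec:
            continue
        hit = expand_ports(spec) & PCANYWHERE_PORTS
        if hit:
            findings.append((sorted(hit), opts.get("-p"), opts.get("-j"), line))
    return findings

if __name__ == "__main__":
    for ports, proto, target, rule in exposed_rules(SAMPLE_RULES, "eth0"):
        print(f"EXPOSED {proto} {ports} via {target}: {rule}")
```

Any rule it reports is a candidate for removal or for restriction to internal interfaces, which is the outcome the white paper asks for.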

A timetable for the release of a comprehensive fix was not given.

About the Author

Chris Paoli is the site producer for and

