Report: pcAnywhere Code Unchanged for 10 Years

An anonymous analysis of the leaked pcAnywhere source code shows that the software had undergone little change over the past decade.

The information, presented and published by Infosec Institute, included a breakdown of the code stolen by hackers in 2006 and published online last month.

While the software had undergone multiple version releases over the last 10 years, the only changes made were for compatibility issues, according to the report.

"Symantec's code is heavily commented with dates for all changes. Readme files are present for each and every software component, many readme files acting as a change log complete with versions and dates," said the anonymous report. "A surprising amount of the core code originates from what is now 10 years ago with only a few added changes, mainly to accommodate changes in Windows versions."

Included in the code were Symantec's plans for the latest version (12.5), which called for eight developers to spend 4448 hours working on updated code. However, the code also documented that this never happened.

The code also revealed a "silent" version of the software that could run on a computer while remaining hidden from the user. According to the anonymous researcher, this is very important because attackers could use the code to create hidden-door exploits.

"For hackers, the sky is the limit as hackers now have all of the juicy details of the pcAnywhere product as well as accompanying source code for all related components. pcAnywhere is now pcEverywhere," said the report.

And it looks like hackers have already started exploiting the code. Johnathan Norman, director of security research at network security vendor Alert Logic, released code last week that allegedly crashes the software's awhost32 service. He also noted that it works against Symantec's recent update to the software.

However, this specific denial-of-service attack may not be worth attackers' effort, as the awhost32 feature automatically relaunches after a crash, said Logic.

According to Infosec Institute's report, the best course of action would be to permanently block the ports used by the software and look for alternative remote desktop tools, even for those that have patched their software.

"pcAnywhere was originally a product for the dial-up internet days which has become obsolete by other products that provide more secure ways of remote connections," according to the report. "If you are a company user with pcAnywhere, uninstalling it is the only way to be safe that your computer is not under potential threat of undetected remote control and compromise."

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

