PcAnywhere Still A Widespread Threat

Dennis Faas's picture

An estimated 200,000 computers may be at risk because they are running an unpatched edition of Symantec's pcAnywhere.

Late last month, Symantec urged all users to cease running the program unless absolutely necessary. The firm later changed its mind, announcing that it was safe to run as long as new security patches were installed.

pcAnywhere became vulnerable when hackers threatened to release source code originally stolen six years ago, apparently without Symantec's knowledge. The hackers attempted to extort the company for $50,000 and then released the code publicly when it refused to pay up.

Thousands of Users Fail to Patch Software

Despite Symantec's warnings, it appears many users have not updated their copies of the software.

Independent security firm Rapid7 carried out an Internet-wide scan and estimates that around 150,000 to 200,000 people are actively running an unpatched edition. (Source: computerworld.com)

Perhaps most worryingly, somewhere in the region of 5,000 of those computers are running a point-of-sale system, where a PC is hooked up to a cash register. That could mean financial data is at major risk.

Remote Control Crashing A Possibility

To make things worse, one security researcher says the potential problems go beyond the fear that a hacker could seize remote control of a computer.

Jonathan Norman says he's already confirmed it's possible to use the leaked code to remotely crash the computer, albeit only through a sustained effort. While that's not a security risk in itself, it could be devastating for companies that rely on the software, particularly in a financial setting.

It appears the vulnerability Norman has identified may not be linked directly to the original stolen code, and thus could be a more general problem that affects even recent editions of the software.

Norman has published proof-of-concept code designed to show how such an attack is carried out without giving specific details.

Researcher Criticizes Symantec's Approach to Problem

There's also an ongoing debate about exactly how Symantec has tackled the problem.

It was originally thought the company would completely rewrite the code so that hackers who analyzed the old stolen code wouldn't find it of any use.

Now, an anonymous researcher claims there is comparatively little change to the original, problematic code.

"For hackers, the sky is the limit as hackers now have all of the juicy details of the pcAnywhere product as well as accompanying source code for all related components," the anonymous researcher said.

"PcAnywhere is now pcEverywhere." (Source: pcmag.com)
