Symantec has confirmed that a file made available on the internet for anyone to download, does contain the source code for an old version of its pcAnywhere product.
Last month, before releasing a patch, Symantec advised customers to disable their pcAnywhere installations because of concern that hackers could exploit vulnerabilities. In addition, they say that in January someone claiming to be the hacker responsible for the data theft tried to extort $50,000 in exchange for not releasing Symantec’s stolen source code.
Yama Tough, of the Anonymous-affiliated Lords of Dharmaraja hacking gang, posted what he claims was a chain of emails sent between himself and Symantec employee “Sam Thomas” negotiating the payment. Symantec says that it never made any offers to meet the hackers’ extortion demands and worked with law enforcement agencies.As well as pcAnywhere’s source code being available for download from popular torrent websites, there could be further postings. According to Symantec, hackers have so far posted code for the 2006 versions of Norton Utilities and pcAnywhere. The company says that it is expecting source code to be published for other Symantec products:
With customers reassured by Symantec that the illegal theft and distribution of the source code poses no increased risk, the company will be happy to put this episode behind it and move on. Symantec seems to have done the right thing by investigating what occurred, and openly sharing with its users what it discovered about a security breach from years before.