The hacker going by the name of YamaTough has released the source code for antivirus firm Symantec’s pcAnywhere utility. This has raised fears that other hackers could find security holes in the product and attempt takeovers of customer computers.
1.27 gigabytes of Symantec source code appeared on The Pirate Bay, a file sharing site, and within hours it had been shared hundreds of times. Symantec confirmed that the code posted was real and said it stolen in a 2006 breach of its network.
This move by YamaTough comes in wake of the failed email negotiations over a $50,000 payout to the hacker. The email thread had been leaked to the media, but both the Symantec and YamaTough had claimed that their participation in the thread was a ruse. YamaTough said he was always going to publish the code, while Symantec said law enforcement had been directing its side of the talks.
Now analysts are claiming that Symantec’s extended negotiations with YamaTough might have been part of the company’s well thought strategy to buy time, while it issued fixes to the pcAnywhere program, which allows customers to access their desktop machines from another location.
Cris Paden, the company spokesman said, “Symantec was prepared for the code to be posted at some point and has developed and distributed a series of patches since January 23rd to protect our users against known vulnerabilities.”
Symantec had taken the extraordinary step of asking customers to stop using the software temporarily until it readied the patches. It issued fixes for “known vulnerabilities” in YamaTough version 12.5 of the software on January 23 and fixes for versions 12.0 and 12.1 on Friday January 27.
Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security. “As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any disclosure,” Paden said.
The emails over the $50,000 payoff were widely circulated. Many users of social networking sites were found mocking the world’s largest standalone security company for it’s apparent attempt to buy protection. But the company said the emails were in fact between the hacker and law enforcement officials posing as a Symantec employee.