Hackers wanted $50,000 to keep Symantec source code private

As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of the its flagship security products off the Internet, the company confirmed to CNET this evening.

An e-mail exchange revealing the extortion attempt posted to Pastebin: http://pastebin.com/GJEKf1T9 today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named "Yamatough" to prevent the release of PCAnywhere and Norton Antivirus code. Yamatough is the Twitter identity of an individual or group that had previously threatened to release the source code for Norton Antivirus.

Source: http://cnet.co/yrVlad

Symantec is warning customers who use its pcAnywhere software for accessing remote PCs to stop using it after an increased risk of getting hacked due to a 2006 source code leak in which the hacker group Anonymous threatened to leak: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120124_00

"Our investigation continues to indicate that the theft is limited to only the code for the 2006 versions of Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere. Our current analysis shows that all pcAnywhere 12.0, 12.1 and 12.5 customers are at increased risk, as well as customers using prior versions of the product. pcAnywhere is also bundled with numerous Symantec products," Symantec stated in an official press release: http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims

Symantec made this announcement after it learned about a hacker named YamaTough leaked the source code to Norton Utilities and had threatened to publish the company's widely used anti-virus programs: http://scforum.info/index.php/topic,7359.0.html

Symantec simply wants users to temporarily stop using the product until an update is released. "At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," Symantec stated.

Those who use Symantec's other software title were not at risk. "The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," Symantec added.


The company recommends the following practices to ensure a minimal risk to the security breach:

- Making sure your AV definitions are up to date

- Making sure your software is upgraded to the latest maintenance version
 
- As it makes sense for your organization, upgrade to the latest version of Symantec Endpoint Protection, which is SEP 12.1 RU1. Our analysis shows that the code theft does not require organizations to accelerate an upgrade to SEP 12.1.

(WB)