Some 200,000 unpatched versions of the remote-access software found in the wild, meanwhile, exposed source code could make even patched PCs vulnerable to takeovers.
Symantec advised users of its compromised pcAnywhere software to disable the remote-access tool about a month ago, but a security firm said this week that as many as 200,000 computers out in the wild may still be exposed to hijacking by hackers, including some 5,000 systems used to collect and process credit card data.
Symantec first advised pcAnywhere users to uninstall the software in late January after an anonymous party published the software’s 2006 source code on the Internet. The security software vendor then issued patches for versions 12.0, 12.1 and 12.5 of the product, which enables users to remotely access their PCs from other computers and devices.
The security software vendor said at the time that customers who patched their software with those updates should be protected from possible attacks stemming from the hackers’ access to the source code, which security experts warned could include remote commandeering of vulnerable computers.
But weeks after the patches were issued, Rapid7, a Boston-based a vulnerability management and penetration testing company, reported that it had identified between 150,000 and 200,000 PCs running unpatched versions of pcAnywhere after scouring the Internet this past weekend.
Between 3,450 and 5,000 of those systems were also running point-of-sale software that’s often used by small businesses in computers tied to cash registers, according to Rapid7.
Meanwhile, an anonymous security researcher posting on the InfoSec Institute website reported Wednesday that even patched versions of pcAnywhere may be vulnerable to attack.
The researcher claimed that “core functionality in the product has and continues to exist today from the same code used for years,” adding, “[f]rom the included design plans for 12.5 (current shipping version) there were no plans for an entire code base rewrite, and developer resources were kept to the same budgeted man hours for the previous release. 12.5 is simply a continuation of this same code base.”
The InfoSec poster went on to issue a chilling warning for users of even a patched version of the software.
“For hackers, the sky is the limit as hackers now have all of the juicy details of the pcAnywhere product as well as accompanying source code for all related components,” the anonymous researcher wrote. “PcAnywhere is now pcEverywhere.”
By Damon Poeter, PCMag