Symantec advises users to turn off pcAnywhere in hack aftermath

Symantec has advised customers to take their copies of pcAnywhere offline as the company continues to struggle with the aftermath of a major data breach.

The company issued a whitepaper addressing new vulnerabilities in its remote access tool which have been exploited by a recently publicised attack which allowed attackers to gain access to the application's source code.

The 2006 hack was recently brought to light by an Indian hacking team which is seeking to publicly distribute the code.

Symantec has now determined that a major update is necessary to protect users from any flaws revealed in the compromised source code.

The company is advising users of pcAnywhere 12.5 to disable the remote management tool until an update is released.

"At this time, Symantec recommends disabling the product until Symantec releases a final set of software updates that resolve currently known vulnerability risks," the company said in the whitepaper.

"For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow the general security best practices discussed herein."

If users do not take their copies of the tool offline, the company warned that attackers could possibly compromise systems and perform 'man in the middle' attacks which could result in the theft of user credentials and other network traffic.

The company has provided further analysis of the issue and best practices for securing pcAnywhere in the full whitepaper report.