Hackers have posted source code for Symantec's pcAnywhere to file sharing service BitTorrent following a failed extortion attempt last month.
The 2006 version pcAnywhere code was uploaded to a 1.27Gb file and shared by hundreds of users.
Symantec said it expected the hacking group to also post code for the 2006 version of Norton Internet Security, and the now defunct Norton Antivirus Corporate Edition and Systemworks.
"We can confirm that the source code has been posted and is legitimate,” the company said in a statement.
"Be advised, we also anticipate Anonymous to post the rest of the code they have claimed to have in their possession.
"We have been conducting direct outreach to our customers since 23 January to reiterate that, in addition to applying all relevant patches that have been released, we’ve also counseled customers to ensure that pcAnywhere version 12.5 is installed, and follow general security best practices."
The January extortion was revealed this week when a hacker using the alias YamaTough demanded $US50,000 ($A46,683) from Symantec to destroy the stolen source code and make a public statement denying that he/she stole the data.
A string of emails posted to pastebin by the hacker revealed the exchange between a purported Symantec employee and YamaTough.
Symantec’s US headquarters said the exchange was part of a coordinated investigation with law enforcement to catch the extortionist.
The Gmail address used to contact the hacker was established and run by police, Symantec said.
“Anonymous actually reached out to us, first, saying that if we provided them with money, they would not post any more source code. At that point, given that it was a clear cut case of extortion, we contacted law enforcement and turned the investigation over to them."
"All subsequent communications were actually between Anonymous and law enforcement agents – not Symantec. This was all part of their investigative techniques for these types of incidents.”
Symantec said it could not comment further due to the ongoing nature of the criminal investigation.
In the leaked email conversation, Symantec appeared to offer to wire the hacker $US1000 ($A933) as “a sign of good faith”, and pay the remaining $US50,000 in $US2500 ($A2333) installments.
Copyright © SC Magazine, Australia
Issue: 303 | May
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.