Solutionary Threat Report - January 2012

pcAnywhere Vulnerabilities Exposed

One of the more notable incidents to receive mainstream attention in January concerned vulnerabilities discovered in Symantec's pcAnywhere software. Symantec pcAnywhere is a product that allows users to remotely control and access resources of a computer across the Internet. The remote code execution and local file-access vulnerabilities were credited to legitimate security researchers, as detailed in Symantec advisory SYM12-002, published on January 24, 2012. However, Symantec published a separate statement in response to claims made by a member of the hacker group “Anonymous”. In this statement, the software vendor confirmed that a portion of its source code had been accessed as a result of a breach suffered in 2006. Symantec advises that any users of supported versions of pcAnywhere implement a hotfix/software update in order to remediate the vulnerabilities. Symantec also released a whitepaper that outlines the nature of the matter in more depth and provides more detailed response recommendations.

Getting the Upper Hand on Mobile Computing

As the month of January came to a close, Symantec published a write-up on what researchers have determined to be malware that has potentially infected five million users of the Android computing platform. Dubbed “Counterclank” and classified as a Trojan, the application, named Apperhand, found its way onto the devices of unsuspecting users when they downloaded one of thirteen variants from the Android Market. Users downloading the app might have been expecting an interesting puzzle or some other fun game with which to pass their time, but that is not all they got. By permitting the app to install on their device, users may have unwittingly granted it access to make unexpected changes to how the device operates. Considering that the purpose of this application appears to have been to push advertisements to consumers, it's not surprising that classifying Apperhand as malware would trigger a firestorm of debate.

Putting the debate aside for a moment, one thing is clear according to the reports: this application was distributed to a potentially very large number of devices, in a very short period of time, and had potentially unintended consequences. This application may not be inherently malicious, but it might not be long before something truly malicious does come along that uses a similar model. It is because of this potential risk that Solutionary must advise caution when considering the use of such devices in your organization’s environment.