Earlier this month, Symantec released patches for its PCAnywhere program, saying the patches would protect its users from hackers who have gotten control of PCAnywhere source codes. These were critical patches for Windows versions of PCAnywhere. With these patches, Symantec also admitted that some of its source code was stolen back in 2006, and it was being contacted by the Lords of Dharmaraja (a hacker group) over these stolen codes.

Symantec PCAnywhere 12.5 is the world’s leading remote access software solution. It lets you manage computers efficiently, resolve helpdesk issues quickly, and connect to remote devices simply and securely.

While the patches released by Symantec fixed known vulnerabilities, there could still be some unknown vulnerabilities, which were unpatched.

Symantec claims that the Anonymous interacted with the FBI in its negotiations, but it is unclear whom they really contacted. Some speculate it is Symantec, and they are using the FBI story as a cover up. On the other hand, the hackers have released 1.27 GB of data this Monday, and claim that there is more.

An interesting part of the conversation between Symantec and hackers reads,

We cannot pay you $50,000 at once for the reasons we discussed previously.  We can pay you $2,500 per month for the first three months.  In exchange, you will make a public statement on behalf of your group that you lied about the hack (as you previously stated).   Once that’s done, we will pay the rest of the $50,000 to your account and you can take it all out at once.  That should solve your problem. Obviously you still have our code so if we don’t follow through you still have the upper hand.

When Symantec tried to play the hacker Yama Tough, who claims to have the code, he got impatient and released the code online on 6 February. After analyzing the leaked code, Symantec has declared that it is a five-year-old code and its patches are enough to keep users safe. However, these source code leaks are unacceptable from a company that deals in security.

The list of email conversations can be found on this paste from PasteBin.

Anonymous has made a Pastebin dump of email exchanges between a Symantec representative called Sam Thomas and Yamatough, the spokesperson of the hacker group Lords of Dharmaraja.

The hacker group is accusing Symantec of ‘bribing’ them in order to prevent the release of the pcAnywhere source code. Looking at the email exchange however, it seems that the hacker group was in fact trying to extort money from Symantec.

The emails shows how Yamatough was trying to extort money through a service called ‘Liberty Reserve’ to an offshore account or to accounts in Lithuania or Libya. Sam instead suggests wiring $1000 through PayPal which Yamatough declines. Sam then increased the total payment to $50,000 with an initial transfer of $2500 for three months and the rest of the money after they provide enough proof that the source code has been destroyed. At this point, Yamatough becomes suspicious that the FBI is involved and the email exchange stops even though Sam tries to continue the conversation. You can read the entire conversation in the above link.

In a comment made at Infosec Island, Cris Paden of Symantec confirmed that the email exchange posted was legitimate.

In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession. Symantec conducted an internal investigation into this incident and also contacted law enforcement given the attempted extortion and apparent theft of intellectual property. The communications with the person(s) attempting to extort the payment from Symantec were part of the law enforcement investigation. Given that the investigation is still on going, we are not going to disclose the law enforcement agencies involved and have no additional information to provide.

Paden also confirmed to Forbes that Sam was in fact an agent trying to get more information out of Yamatough.

“Anonymous has been talking to law enforcement, not to us. No money was exchanged, and there was never going to be any money exchanged. It was all an effort to gather information for the investigation,” he said.

Anonymous has uploaded the leaked source code to the torrents. But Symantec has reiterated that, you are safe, as long as you are using the latest version.

You can find additional information about the source leak here.

Symantec has now retracted its previous statement that the security breach which led to the leak of source codes of their older security products happened at a third part server, reports Reuters.

In a statement made to Reuters, spokesperson of Symantec, Cris Paden confirmed that the data breach occurred at the networks of Symantec in 2006.

“We really had to dig way back to find out that this was actually part of a source code theft. We are still investigating exactly how it was stolen”, he said.

Previously, it was assumed that the breach had occurred at a server of Indian Government. He also revealed that source code of Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere were also obtained by the hackers. Symantec in their earlier statement had said that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 were the ones that leaked.

A few days ago, ‘Yama Tough’ who is acting as the spokesman of the hacking group Lords of Dharmaraja (who took the responsibility of breaching) tweeted that they will be releasing the code of pcAnywhere to the black hat community so that they can exploit its users using zero day vulnerabilities. They had also threatened of releasing the source code of Norton to the public, but backed out at the last moment tweeting,

We’ve decided not to release code to the public until we get full of it =) 1st we’ll own evrthn we can by 0din’ the sym code & pour mayhem

Paden has acknowledged that pcAnywhere users are indeed facing ‘a slightly increased security risk’ and said,

Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.

Symantec is still reiterating that the code leaked is old and there isn’t a huge risk for its customers provided that they are using the latest versions. But as long as they didn’t write the source codes of their latest products from scratch, there are chances that at least part of the leaked source code is still used. The leak however will be a great advantage for competing security product vendors to understand the working of the Symantec products and use it to improve their own products.

Two days ago, the Symantec blog posted an article that describes how the newest and most successful malware and fake anti-spyware fools you into downloading it. The descriptions and images of these social engineering attacks are something you should see, so that you’ll know it when it happens to you.

Below are four images from the Symantec article. The first three show a web page with a fake warning to download updates. The last image shows you the payload, which is a fake anti-spyware program that tries to fool you into purchasing it (also known as scareware).

Image #1 download Firefox Secure Updates

Image #2 download Updates

Image #3 download Chrome Updates

Image #4 resulting download scareware called Security Tool

Even though these images are a bit fuzzy, you can still see that they’ve done a good job of looking like legitimate warnings. The bad news is that this isn’t the scariest part. It gets worse.

According to the article, trying to cancel these warnings does no good. The fake warnings keep popping up. If you exit the page without downloading these updates, something even worse happens. They redirect you to a site that hits you with some heavy duty exploits that could infect your PC.

The Symantec article only tells you that their software and some common sense will keep you protected from these fake warnings.

If you want my advice, do the following if you think you are seeing a fake warning:

1. Close the browser.
2. Follow up with an anti-virus scan of your system.
3. Use MalwareBytes Anti-malware to clean your system if you think you’ve been infected.
4. If all else fails, and you’re certain you have a problem, go to an anti-spyware forum to get help. (SpywareWarrior and PC-Help are good)
5. Optional tell me about your adventures, or comment below.

Update: Lorraine emailed me this link to removal instructions that helped her remove the “My Security Shield” scareware which looks like the “Security Tools” above.

[Source Symantec Blog]

Fo’ shizzle under my nizzle, yo yo! Alright, alright my rapping skills are subpar in that I believe even Shakespeare with his iambic pentameter can give me a run for his money with rapping skills. But this is not about my rapping skills it’s about yours dear wannabe rapper! (Not you, Hopesh)

Snoop Dogg, the West Coast hip hop MC and protégé of Dr. Dre has teamed up with security software specialists Norton (Symantec corporation) to announce Hack is Wack! a rap video contest where users can upload their best 2 minute rap video against cybercrime. Winners get to meet SNOOP DOGG’S MANAGEMENT TEAM Y’ALL! (Also probably a Toshiba laptop).

Fo’ real mah homies!!

No, really. The internet is filled with lame attempts to capture the essence of rap in a nerdy blogpost, so you can’t really blame me for trying (and failing).

According to the SecurityWeek, the contest which runs till the 30th of this month will be quite a ball:-

“If you have the skills and bust out the phattest rap, you’ll receive round-trip airfare for two to Los Angeles along with two days and two nights hotel stay to meet with Snoop’s management and learn more about his business. You’ll also get two tickets to a Snoop Dogg concert and a new laptop pimped out with Norton Internet Security 2011.”

So… get started right away with this friendly wikihow page that tells you how to write a rap song, promote yourself, develop your own style, and more.

If you didn’t notice we already kicked off the 8th competition in the Birthday Bash series where we are offering EASEUS Partition Master Professional worth $31.96 to 5 lucky winners.

And yes we didn’t forget the winners from the 7th competition, so here are the results of the Norton Online Backup Giveaway where we were giving away 5 accounts worth $49.95 each.

We had 20 participants, you can view the entire list of participants in our Google Docs account here.

However we had to disqualify 1 participant for not following the proper rules, you can create your own tweets since last few competitions, but please follow the rules and include the links we ask you to include, we really feel sorry to disqualify anyone from participating.

However here are the winners of the competition.

1. Juscelino M. Acevedo
2. Anuj Seth
3. Prashant Venkatsubban
4. Lori
5. Paul Smith

Congratulations on winning a license of Norton Online Backup, we will get in touch with you shortly to distribute the prizes, for the rest please continue participating there are lots of exciting prizes to be won.

Once again thanks for Symantec for being part of the Birthday Bash and sponsoring the competition.

Update: Competition is now closed, we are no longer accepting entries, winners will be announced shortly

It’s time to start the 7th competition in our birthday bash series, this time we surveyed users what to give away as prizes and the most wanted item on the list was Norton Online Backup, so here is a competition that will give users a chance to win one of the 5 Norton Online Backup licenses worth $49.99 each sponsored by Symantec.

Keeping your files safe and secure is of utmost importance and backups play a significant role in securing your files from unexpected disasters.

Norton Online Backup provides users with an option to safeguard documents, photos, music & more for up to 5 home PCs, the 25 GB space they provide can be used to backup the most important file that you do not want to lose to unforeseen problems.

Norton Online Backup provides users with a simple, automatic backup with anytime, anywhere access to your documents and files.

Key Technologies in Norton Online Backup

• Automatic Online Backup
• Web-Based Restore & Access
• Remote Backup Setting Management
• Archives Accidentally Deleted Files
• Bandwidth Throttling
• Multi-PC Backup
• High-Level Encryption & Data Compression
• Block-Level Incremental Backups

Key Features in Norton Online Backup

• Delivers professional-grade, automatic backup protection for your files
• Lets you access and restore files from any Web-enabled PC.
• Sets up in a flash… then runs automatically.
• Allows you to conveniently manage backup sets for multiple PCs through a secured web portal.
• Stores files on separate storage arrays at the data center for added file safety.
• Backs up files faster and uses less storage space.
• Guards your data with ultra-secured, government-grade encryption.
• Saves you money and offers greater convenience.
• Offers proven, professionally managed offsite file security

To get more information about the product, you can view a tour video of Norton Online Backup or read more about the exciting features it has to offer.

Rules & Regulations for Winning 1 of the 5 Norton Online Backup Accounts

To participate in the competition and be the one of the 5 persons to be eligible to win a Norton Online Backup account, worth $49.99 each, you will have to use one of the following ways.

1. Tweet about the sponsors and about this competition, include a link to both the sponsor and the competition, if you are creating your own tweet, please include Norton Online Backup and Symantec in the tweet, also use this link http://u.nu/95ka for the sponsor and this link http://u.nu/56ka for the competition.Here is a tweet you can use to enter the competition, click on this tweet link to tweet about this contest. Once you have tweeted about it, leave a comment with a link to your status.Tweet Message (example): Norton Online Backup from Symantec provides safe and automatic backups http://u.nu/95ka win 5 Backup licenses worth $50 http://u.nu/56ka
2. Write a blog post linking to Symantec.com and the Norton Online Backup page and this contest in your blog post. Once you have written the blog post, leave a comment here with a link to the post.
3. If you do not have a twitter account, or a blog, leave a comment on why you would want to win licenses for all these softwares.
4. This contest will end on 11th June at 1PM EST, no entries will be accepted after this point, we will announce the winners in a blog post shortly after the contest closes.
5. The more you participate the more you win, we have bonus cash prizes of $100 and $50 to be given out as bonus cash prizes at the end of all the competitions, for rules about bonus cash prizes please visit Techie Buzz Birthday Bash announcement post.

Please note: tweeting or blogging about the competition in itself will not avail participation, you will have to leave a comment on this page to get an entry in the winning draw.

We once again thank our sponsors Symantec for sponsoring the prizes for this event, look forward to participation from all our readers.

We have closed the Norton 360 contest, and it is time to announce the next set of Birthday Bash winners, 5 lucky people would be getting a free Norton 360 version 3 license worth $79.99 each.

However sadly we had to disqualify 7 participants from the competition for not following the rules completely, we are extremely sorry to do that, but we have to stick by the rules of the competitions we have.

We urge all participants to read the rules fully and ensure that they have followed it fully for all future competitions.

However here is the list of participants who followed all rules and were eligible for the prize on offer, a free license of Norton 360 version 3 sponsored by Symantec.

Full list of participants can be found in our Google Docs account list which you can be found here.

Instead of using the random integer generator, we have used the random list generator this time around provided by Random.org, we will continue using the list generator for all future competitions held in future.

And here are the winners of the Norton 360 Version 3 sponsored by Symantec worth $79.99 each, congratulations to the winners, for the others do keep competing in future competitions, you can win more and more goodies.

1. Madhur Kapoor
2. Aravind
3. Muralidar Sundara
4. Reshadat
5. Tim Brazer.

We will be contacting the winners by email shortly and sending them the details to avail of the Norton 360 license keys.

We once again thank Symantec for sponsoring the prizes, looking forward to more competitions and prizes, don’t forget to participate in them all to win cash prizes.