Symantec announced that hackers have had the source code for remote access software pcAnywhere since 2006. It can’t be trusted until they issue a patch. Some organizations may be anxious to see how many of their machines have pcAnywhere installed. If you have an application aware firewall like Palo Alto Networks, you can see if there is pcAnywhere traffic on the network easily. To find out where it’s installed but not in use, most are probably using software like Altiris, Tivoli, etc.
One tool that can find pcAnywhere (or any software for that matter) is Tanium – and it can do it for you in 15 seconds. For example, you could ask a question looking for a file or registry key and the endpoints are directly queried and the responses come back in 15-30 seconds, even if the machines are scattered around the world.
It’s great for tiger teams doing incident response.
Disclosure: Digital Scepter is a Tanium distributor and a Palo Alto Networks Platinum partner. That means if you’d like to learn more, you can hit me up at (888)299-3718 or by email.
