Symantec Confirms Hackers Accessed Source Code of Two Enterprise Security Products

On Thursday evening, SecurityWeek and other news outlets reported that hackers claimed to have accessed the source code to an unspecified version of Symantec’s Norton Antivirus product. It turns out that the hackers did get their hands on some code, but their claims are off a bit. Norton is a consumer-focused product, and Symantec has confirmed that, from what it has seen thus far, the code accessed by the attackers was from its Enterprise product line.

In this case, Symantec confirmed with SecurityWeek early Friday morning that the products in question are Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, so this incident did NOT involve its consumer products which are “Norton” branded.

While many would expect the “FUD” factor to kick in, it’s important to realize a few facts. Symantec updates its products on a “.1 basis”, and its Endpoint Protection product is now at version 12.0 and 12.1. According to a Symantec spokesperson, “SEP 11 was four years ago to be exact.”

In addition, Symantec Antivirus 10.2 has been discontinued, though the company continues to service it.

“We’re taking this extremely seriously and are erring on the side of caution to develop a long-range plan to take care of customers still using those products,” Cris Paden, Senior Manager of Corporate Communications at Symantec, told SecurityWeek.

“It’s also important to bear in mind that this is not a virus or false positive. The products are not broken. They perform just fine and work just fine.”

Unlike the RSA breach when hackers penetrated company networks to steal confidential data and intellectual property, Symantec confirmed that its systems had not been breached. “Symantec’s own network was not breached, but rather that of a third party entity,” the company said in a statement.

The hacker group assumed to be responsible is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers.

“We are still gathering information on the details and are not in a position to provide specifics on the third party involved,” the company said. “Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time. Symantec is working to develop a remediation process to ensure long-term protection for our customers’ information. We will communicate that process once the steps have been finalized. Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.”

Rob Rachwald, Director of Security Strategy at Imperva, shared some comforting advice when news of the possible source code exposure was announced. “If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers,” he said. “After all, there isn’t much hackers can learn from the code which they hadn’t known before.” Why? “Most of the anti-virus product is based on attack signatures,” he said. “By basing defenses on signatures, malware authors continuously write malware to evade signature detection.”

“The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them,” Rachwald added.

Symantec also highlighted that it distributed 10 million new signatures to respond to new threats in 2010 alone. The code in question is four and five years old and has evolved and changed significantly over the years.

More information from Symantec is expected Friday afternoon.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
