Symantec Investigating Possible Theft of Norton AV Source Code

A group of hackers claim to have stolen source code for Symantec’s Norton Antivirus software.

Update: 01/06/12 12:20AM EST – Symantec has confirmed with SecurityWeek that hackers have accessed source code related to Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2.

The group is operating under the name Dharmaraja, and claims it found the data after compromising Indian military intelligence servers.

“So far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI,” according to a post on Pastebin that has since been deleted. “Now we release confidential documentation we encountered of Symantec Corporation and it’s [sic] Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.”

Thus far, the information posted by the hackers includes a document dated April 28, 1999, that Symantec describes as defining the application programming interface (API) for the virus Definition Generation Service.

“This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present,” Cris Paden, senior manager of corporate communication for Symantec, told SecurityWeek.

A second post entitled ‘Norton AV source code file list’ includes a list of file names reputedly contained within the Norton AntiVirus source code package.

Symantec is still in the process of analyzing the data in the second post, Paden said.

What if the Norton Source Code has Been Stolen?

“If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers,” noted Rob Rachwald, Director of Security Strategy at Imperva. “After all, there isn’t much hackers can learn from the code which they hadn’t known before.” Why? “Most of the anti-virus product is based on attack signatures,” he said. “By basing defenses on signatures, malware authors continuously write malware to evade signature detection.”

“The workings of most of the anti-virus’ algorithms have also been studied already by hackers in order to write the malware that defeats them. A key benefit of having the source code could be in the hands of the competitors.”

But hackers could use the source code to search out and exploit vulnerabilities in the software itself. “If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself. But that is a big if and no one but Symantec knows what types of weaknesses hackers could find,” Rachwald concluded.

Norton is one of the most widely used anti-virus products, with millions of users around the world.
