Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Symantec Says Norton Source Code Was Stolen in 2006 Attack

Hackers Release Norton Source Code

On Tuesday Symantec acknowledged that source code for older versions of its Norton security products did in fact leak out.

Hackers Release Norton Source Code

On Tuesday Symantec acknowledged that source code for older versions of its Norton security products did in fact leak out.

After a hacker using the alias “YamaTough” claimed his crew was in possession of source code for Norton Antivirus roughly two weeks ago, Symantec stated the hackers were only in possession of source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2. However, the company now admits that source code for some of its Norton products was stolen in an attack in 2006.

“Upon investigation of the claims made by Anonymous regarding source code disclosure, Symantec believes that the disclosure was the result of a theft of source code that occurred in 2006,” Symantec spokesperson Cris Paden told SecurityWeek in an emailed statement. “We believe that source code for the 2006-era versions of the following products was exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere.”

“Due to the age of the exposed source code, except as specifically noted below, Symantec customers – including those running Norton products — should not be in any increased danger of cyber attacks resulting from this incident,” he continued. “Customers of Symantec’s pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information.”

Symantec has taken steps to improve security policies and procedures since the time of the 2006 breach, Paden said, without elaborating.

YamaTough purports to be a member of Lords of Dharmaraja, an Indian hacking group. Two weeks ago the group posted a document dated April 28, 1999, that Symantec described as defining the application programming interface (API) for the virus Definition Generation Service. The document described how the software is designed to work, but contained no actual source code.

The Lords of Dharmaraja also released a purported memo that outlined an Indian intercept program known as RINOA, so named due to the vendors involved – RIM, Nokia, and Apple. According to the memo, the vendors provided India with backdoors into their technology. In a post on Twitter Jan. 14, YamaTough wrote that more stolen information will be posted online. Two days later, he tweeted that pcAnywhere source code was being made available to the black hat community for exploitation.

Customers using the up-to-date versions of the affected products are not at risk.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack