Hackers in India Leak Symantec Source Code

Source: Imperva

A hacker group based out of India has acquired the source code to Norton Antivirus.

Last night Imperva sent along an email stating that hacker group Lords of Dharmaraja is threatening to release the source code of Symantec's flagship product, Norton Antivirus. The group's original threat posted on Pastebin is now gone, but a Google cached version claims that the source code was retrieved during a hack of India's military and intelligence servers.

"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group states.

"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies," the group adds.

Security firm Imperva indicated that there's a good chance the group actually did retrieve the source code from the Indian military, as many governments require source code from vendors to prove that the software isn’t really spyware. But the company also points out that the hackers could have easily retrieved the code by gaining access to a test server that was mistakenly exposed or a link to an FTP that was unintentionally made public.

"If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers," Imperva said. "After all, there isn’t much hackers can learn from the code which they hadn’t known before."

That's because most of the antivirus product is based on attack signatures. Because the defenses rely on signatures, malware authors continuously write malware to evade signature detection. What's more, malware versions continuously evolve, making it hard for firms like Symantec to stay one step ahead.

"The workings of most of the anti-virus' algorithms have also been studied already by hackers in order to write the malware that defeats them," the blog explained. "A key benefit of having the source code could be in the hands of the competitors. If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself.  But that is a big if and no one but Symantec knows what types of weaknesses hackers could find."

After word began to spread about the source code leak, Symantec released a statement confirming that a segment of Norton's source code, used in two of the older enterprise products (one of which has been discontinued), has been accessed.

"The code involved is four and five years old," the company said. "This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."

Symantec said that it is working to develop a remediation process to ensure long-term protection for its customers’ information. "We will communicate that process once the steps have been finalized," Symantec said. "Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."

Comments
  • 5
    Anonymous, January 6, 2012 6:18 PM
    I thought they were all busy calling my place claiming to be working for Microsoft and trying to get me to install remote control software.
  • 21
    saxplayingcompnerd, January 6, 2012 6:23 PM
    who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop.
  • 20
    igot1forya, January 6, 2012 6:28 PM
    I hope they release it... maybe someone will come along and improve it then.
  • 9
    jurassic1024, January 6, 2012 6:29 PM
    Norton AV has come a long way. It is far from the worst. More like a top 5 AV now.
  • 18
    makafri, January 6, 2012 6:31 PM
    making poop is big deal man
  • 15
    captaincharisma, January 6, 2012 6:36 PM
    ha source code more like a virus that has been making computers crawl since the mid 1990's
  • 3
    wildkitten, January 6, 2012 6:38 PM
    saxplayingcompnerd: who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop.

    Why do people keep this up? Do people think it makes them look important to not keep current?

    Yes, a few years ago Norton had a bad reputation for being bloated and taking up cycles and memory. However, they did rebuild their products and they run very lean and catch almost everything thrown at them. They are always at the top of independent reviewers in both how little memory and CPU time they take up as well as what they detect.
  • 13
    cookoy, January 6, 2012 7:11 PM
    the title says "Leak" while the first sentence says "threatening to release"
  • 5
    A Bad Day, January 6, 2012 7:58 PM
    It would be interesting to see a malware that exploits an AV software's vulnerabilities to gain control of the computer. Talk about irony.

    saxplayingcompnerd: who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop.

    Norton AV isn't like what it used to be in the past. If it's still a piece of junk, it would've withered away from competing AV softwares and the relentless flood of malware.
  • 11
    memadmax, January 6, 2012 8:07 PM
    As others have said before....

    Poop...
  • 5
    rubix_1011, January 6, 2012 8:07 PM
    'Accidentally' leaving someone on the network for someone to find is often referred to as a honey pot. Government departments don't make a habit of leaving servers full of valuable code open and unmonitored just at random. I agree it does happen, but the likelihood of something being that substantial may only be some mock code that was left there as bait for network intruders. This is common policy for network security protocols.
  • 1
    lp231, January 6, 2012 8:41 PM
    A Bad Day: It would be interesting to see a malware that exploits an AV software's vulnerabilities to gain control of the computer. Talk about irony. Norton AV isn't like what it used to be in the past. If it's still a piece of junk, it would've withered away from competing AV softwares and the relentless flood of malware.

    Norton has built itself based on marketing and branding much like Monster Cable and BOSE.
    If you ask a Joe or Jane what AV software they'll recommend, Norton is the first thing that pops into their heads.
  • 0
    Thunderfox, January 6, 2012 10:49 PM
    Hey, maybe the open source community can improve it. They certainly can't make it any worse.
  • 2
    JOSHSKORN, January 7, 2012 12:16 AM
    saxplayingcompnerd: who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop.

    I'm not sure that made sense but damn it sounded funny. :) 
  • 0
    ojas, January 7, 2012 4:01 AM
    :lol: 

    I actually believe them. Won't be surprised if Government servers got hacked.

    And to be honest, I believe that Symantec is right, it must be a few years old. I have faith in my Government :D 

    BTW, no, Norton is pretty good actually. Have been running 360/NIS for three years now, it's great. Even runs on an old IBM ThinkPad with a Pentium M without any issues. Stalled my P4 though!
    However, it's overpriced, so I doubt I'm going to renew my licence next year.
  • -1
    razor512, January 7, 2012 10:38 AM
    I bet those hackers were shocked to find source code from both prime95 and memtest within the Norton source code.

    if user has any free memory
    then allocate all free memory for temp storage of calculated prime numbers
    //classic Norton's
  • 4
    Anonymous, January 7, 2012 10:15 PM
    I agree, Norton is a good product. Branding is not a bad thing - look at Apple. They market an experience. So too does Symantec. A trouble-free experience for most users. Save for the dumb ones (like some that have posted above with outdated comments!). If you prefer to get your AV from Chinese, Romanian, Finnish and UK companies GREAT, all the power to you. I will stand behind a US company any day - and especially one with a solid reputation like Symantec.
  • 6
    livebriand, January 8, 2012 2:58 AM
    Bob Mann: I agree, Norton is a good product. Branding is not a bad thing - look at Apple. They market an experience. So too does Symantec. A trouble-free experience for most users. Save for the dumb ones (like some that have posted above with outdated comments!). If you prefer to get your AV from Chinese, Romanian, Finnish and UK companies GREAT, all the power to you. I will stand behind a US company any day - and especially one with a solid reputation like Symantec.

    What about MSE? Microsoft's based in Seattle, MSE is nice and light and effective and free, what more could you want?
  • 1
    falchard, January 8, 2012 4:23 AM
    Protection, which is why you use ESET NOD32.
  • 0
    soundping, January 8, 2012 10:37 AM
    Symantec: Nothing to see here.. move along, move along..