Last night Imperva sent along an email stating that hacker group Lords of Dharmaraja is threatening to release the source code of Symantec's flagship product, Norton Antivirus. The group's original threat posted on Pastebin is now gone, but a Google cached version claims that the source code was retrieved during a hack of India's military and intelligence servers.
"As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI," the group states.
"Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies," the group adds.
Security firm Imperva indicated that there's a good chance the group actually did retrieve the source code from the Indian military, as many governments require source code from vendors to prove that the software isn’t really spyware. But the company also points out that the hackers could have easily retrieved the code by gaining access to a test server that was mistakenly exposed or a link to an FTP that was unintentionally made public.
"If the rumors turn out to be true, the implications of the anti-virus code leakage will not keep the Symantec folks awake too late at night, and certainly not their customers," Imperva said. "After all, there isn’t much hackers can learn from the code which they hadn’t known before."
That's because most of the antivirus product is based on attack signatures. Because the defenses rest on signatures, malware authors continuously write malware to evade signature detection. What's more, malware versions continuously evolve, making it hard for firms like Symantec to stay one step ahead.
"The workings of most of the anti-virus' algorithms have also been studied already by hackers in order to write the malware that defeats them," the blog explained. "A key benefit of having the source code could be in the hands of the competitors. If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself. But that is a big if and no one but Symantec knows what types of weaknesses hackers could find."
After word began to spread about the source code leak, Symantec released a statement confirming that a segment of Norton's source code used in two of the older enterprise products, one of which has been discontinued, has been accessed.
"The code involved is four and five years old," the company said. "This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time."
Symantec said that it is working to develop a remediation process to ensure long-term protection for its customers’ information. "We will communicate that process once the steps have been finalized," Symantec said. "Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts."
I thought they were all busy calling my place claiming to be working for Microsoft and trying to get me to install remote control software.
Who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop.
I hope they release it... maybe someone will come along and improve it then.
Norton AV has come a long way. It is far from the worst. More like a top 5 AV now.
making poop is big deal man
ha source code more like a virus that has been making computers crawl since the mid 1990's
saxplayingcompnerd wrote: "who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop."
Why do people keep this up? Do people think it makes them look important to not keep current?
Yes, a few years ago Norton had a bad reputation for being bloated and taking up cycles and memory. However, they did rebuild their products and they run very lean and catch almost everything thrown at them. They are always at the top of independent reviewers in both how little memory and CPU time they take up as well as what they detect.
the title says "Leak" while the first sentence says "threatening to release"
It would be interesting to see a malware that exploits an AV software's vulnerabilities to gain control of the computer. Talk about irony.
saxplayingcompnerd wrote: "who would want the source code for some of the worst antivirus software? That's like wanting dog DNA so you can figure out how it makes poop."
Norton AV isn't like what it used to be in the past. If it's still a piece of junk, it would've withered away from competing AV softwares and the relentless flood of malware.
As others have said before....