Symantec Confirms Theft of Antivirus Source Code
January 7, 2012

Officials at Symantec, the makers of Norton Antivirus, have confirmed earlier reports that cybercriminals successfully obtained a portion of the security software's source code and published it online earlier this week.

In a Friday afternoon report, Nicole Perlroth of the New York Times said that company spokesman Cris Paden confirmed the hacking. The programming code obtained was for two of Symantec's antivirus products for businesses -- Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, which were four and five years old respectively, Perlroth added.

"We have no indication that the code disclosure impacts the functionality or security of Symantec's solutions," Paden told the Times in an email. "Symantec is working to develop remediation process to ensure long-term protection for our customers' information."

"Symantec is working to develop a remediation process to ensure long-term protection for our customers' information. We will communicate that process once the steps have been finalized," he said, according to a separate article by PCMag's Sara Yin.

According to Lucian Constantin of IDG News Service, the data was stolen by a group identifying themselves as "The Lords of Dharmaraja," who claim to have taken the source code and documentation from the servers of Indian intelligence agencies. Constantin also says that the group acquired "intellectual property" from other software companies under contract with that nation's government.

In a Pastebin document posted Wednesday by a user going by the name of YamaTough, The Lords of Dharmaraja (which means Lords of Kings of Religion in English, according to Forbes contributor Nigam Arora) wrote: "As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers… Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies."

Those Pastebin documents have since been deleted, Arora added, but snapshots of the page could still be viewed via Google's cache as of 4:00pm Eastern.

While Perlroth says that source code could be used by other hackers to corrupt Symantec's antivirus products or write malicious code that can circumvent Norton software, John Leyden of the Register notes that "even if the leak related to up-to-date source code, it would be of only limited use to hackers, except as a 'trophy scalp'."

"If this code is four or five years old, it is likely it has evolved quite a bit," Robert Rachwald, the director of security strategy at Internet security company Imperva, told the New York Times. "That said, if there are any core functions that have not evolved, then hackers could take a look at Symantec's source code and find ways to manipulate it."

