September 28, 2016

Hackers Steal Source Code to Norton AntiVirus?

(LiveHacking.Com) – Symantec, the company behind Norton AntiVirus, has confirmed that a group of hackers has stolen portions of source code for two of its security products. The hackers, who call themselves The Lords of Dharmaraja, have posted at least twice to Pastebin claiming to have access to the source code for Norton AntiVirus:

“Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.”

But according to a statement from Symantec, the information released is just a document from 1999 that describes an application programming interface (API) for the virus Definition Generation Service. “This document explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present,” Cris Paden, senior manager of corporate communication for Symantec, told SecurityWeek.

Both posts have now been removed from Pastebin, which is quite unusual as it is normally a safe haven for hackers to post anything from stolen credit card numbers to cracked passwords.

The latest news from Symantec, via SecurityWeek, is that the products in question are Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, and not any of its consumer products under the “Norton” brand. Further, in a statement released on Facebook, Symantec said: “The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers. Symantec’s own network was not breached, but rather that of a third party entity.”

Many governments require companies such as Symantec to submit their source code for inspection to prove they are not spying on the government. This is where the hackers could have got hold of the code. Comments posted by Yama Tough on Google+ and Pastebin seem to confirm this idea in that they suggest that the Symantec code was taken from an Indian government server.