14 DAY TRIAL // A group of Indian hackers claim to have obtained the source code for Symantec’s Norton Antivirus, the 2006 version. Experts report that if the claims were true, it could give cybercriminals the opportunity to create new malware that incorporates mechanisms to better avoid security solutions.
Infosec Island has been provided with a sample file that appears to contain the source code for the popular antivirus.
Symantec was immediately contacted and the company confirmed that the file indeed contained a segment of their product’s source code, but the incident is still being investigated.
“Symantec can confirm that a segment of its source code has been accessed. Symantec’s own network was not breached, but rather that of a third party entity. We are still gathering information on the details and are not in a position to provide specifics on the third party involved,” Cris Paden, sr. manager for corporate communications at Symantec said.
“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions. Furthermore, there are no indications that customer information has been impacted or exposed at this time.”
Later, Paden returned with another statement to say that further investigations revealed that the code was actually part of a document from 1999 in which it was explained how the software worked, “but did not include actual source code.”
In a twist, the Indian hacker group called The Lords of Dharmaraja wrote a message on Pastebin revealing that the first file was just the beginning and there was much more to come. It turns out that the information originates from the Indian Military Intelligence.
“As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI,” they said.
“Now we release confidential documentation we encountered of Symantec corporation and it's Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.”
Symantec is currently investigating the other claims, but they officially confirm that the first file represents documentation from 12 years ago.