October 8, 2024

Bits Blog: Hackers Threaten to Post Source Code for Symantec Product

Tony Avelar/Bloomberg News

Hackers have posted a file online that they claim is a confidential glimpse into Symantec’s Norton Antivirus program and have threatened to release source code for the security giant’s flagship antivirus product.

The hacker group, which calls itself the Lords of Dharmaraja, posted a file on Pastebin that it said described the confidential workings of Symantec’s Norton Antivirus threat-detection product. The documentation, and any source code, could be exploited by hackers to corrupt the antivirus program or write malicious code that circumvents Norton’s product altogether. The original post is no longer on Pastebin, although there is a Google cache.

The hackers claim to have discovered Symantec’s source code in a hack they conducted on India’s military and intelligence servers. In their online post, the hackers said, “We have discovered within the Indian Spy Program source codes of a dozen software companies,” which the hackers said had signed agreements with an Indian defense program and India’s Central Bureau of Investigation.

In an e-mail, a Symantec spokesman, Cris Paden, said the hackers’ post was an outdated document from 1999 that “explains how the software is designed to work (what inputs are accepted and what outputs are generated) and contains function names, but there is no actual source code present.”

The hacker group threatened to release the actual source code for the Norton AntiVirus software later on. “We are working out mirrors as of now,” the hackers wrote in their post.

Mr. Paden said Symantec was “currently investigating that.”

Symantec’s Norton brand antivirus products make up the bulk of its sales to consumers, which totaled nearly $2 billion last year — a third of Symantec’s revenue. If any part of its source code was exploited or tampered with, it could hurt Symantec’s share price and bottom line.

“If this document is from 1999, chances are the source code has changed a fair bit,” said Robert Rachwald, director of security strategy at Imperva, an Internet security company. ”But if Symantec hasn’t done any major overhauls, there may be some parts of the code that remain intact,” he said, and someone could find a way to poke holes in it.

Article source: http://feeds.nytimes.com/click.phdo?i=7cdf3e0ab3880dc825c74f8f98090cac