Norton AntiVirus source code leaked to hackers?

Discussion in 'other anti-virus software' started by hawki, Jan 5, 2012.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Norton AntiVirus source code leaked to hackers?



    A group of Indian hackers say they have obtained the source code for Norton AntiVirus software, as well as "confidential documentation," that they will share on websites for all to see.

    The group, which calls themselves "The Lords of Dharmaraja," said it plans to publish the information on several different websites, "since we experience extreme pressure and censorship from US and India government agencies." It shared some of the information — some of which appears several years old — and a statement on the PasteBin file-sharing site. The original post was deleted, but a version is available to be seen via Google's cache of it."

    Full story here:



    http://technolog.msnbc.msn.com/_new...orton-antivirus-source-code-leaked-to-hackers
     
    Last edited: Jan 5, 2012
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Hacker group threatens to release Symantec AV source code
    Indian group has already posted documents on Symantec's AV technology


    January 5, 2012 (Computerworld)

    "Symantec is investigating an Indian hacking group's claims that it accessed source code used in the company's flagship Norton Antivirus program.

    A spokesman for the company on Thursday said that one claim by the group was false, while another is still being investigated.

    Meanwhile, the Indian group, which calls itself Lords of Dharmaraja, has threatened to publicly disclose the source code shortly.

    On Wednesday, the group posted on Pastebin what it claimed was confidential documentation related to Norton AntiVirus source code. A review of the material showed what appears to be a description of an application programming interface (API) for Symantec's AV product.

    The group also posted what it claimed was the complete source code tree file for Norton Antivirus. That document appears to have been taken down.

    'Yama Tough,' the hacker who posted the documents, released at least two more on Google+ allegedly related to Symantec source code. One of the documents appears to be a detailed technical overview of Norton Anti-Virus, Quarantine Server Packaging API Specification, v1.0. The other document, from 2000, describes a Symantec Immune System Gateway Array Setup technology."

    Full story here:

    http://www.computerworld.com/s/arti...release_Symantec_AV_source_code?taxonomyId=17
     
    Last edited: Jan 5, 2012
  3. clocks

    clocks Registered Member

    Joined:
    Aug 25, 2007
    Posts:
    2,787
    " The group, which calls themselves "The Lords of Dharmaraja," said it plans to publish the information on several different websites, "since we experience extreme pressure and censorship from US and India government agencies." "


    Leaking Norton source code.........the number one way to get back at the government. :rolleyes:
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Source: http://www.scmagazine.com/hackers-say-they-have-symantecs-norton-av-source-code/article/222003/
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "The hacker group threatened to release the actual source code for the Norton AntiVirus software later on. “We are working out mirrors as of now,” the hackers wrote in their post."

    http://bits.blogs.nytimes.com/2012/...t-source-code-for-symantecs-flagship-product/
     
  6. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    I think a skilled enough hacker will be able to see the source code of any application if he/she puts his mind to it.

    KAV source code was leaked years ago and it still floats around if you know where to look. But that doesn't seem to have affected it's protection.

    Ultimately all these applications are developed using a mix of C/C++ and ASM instructions anyway, it's not impossible to see what's going on.
     
  7. Rompin Raider

    Rompin Raider Registered Member

    Joined:
    May 6, 2010
    Posts:
    1,254
    Location:
    Texas
    Yep....total government shutdown!:D
     
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Tha leaked KAV source code was at least 3 years old. Because it is claimed the Norton source code was lifted from a military source, if these guys have it, it would be current. Many governments require that the provider of any software used must also deliver the current source code so that the government can make sure there is no method of spying on its systems contained in it:

    "In January 2011, the source code for an older version of Kaspersky Antivirus was uploaded to a torrent site. The intellectual property was stolen in early 2008 by a former Kaspersky employee who attempted to sell it on the Internet. "

    http://www.pcworld.com/businesscent...norton_antivirus_source_code.html#tk.rss_news

    ""As of now we start sharing with all our brothers and followers information from the Indian Militaty (sic) Intelligence servers, so far we have discovered within the Indian Spy Programme (sic) source codes of a dozen software companies which have signed agreements with Indian TANCS programme (sic) and CBI," Yama Tough said in one comment."

    http://www.computerworld.com/s/arti...release_Symantec_AV_source_code?taxonomyId=17
     
  9. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Seems the article at Technolog has been updated:

    What's not known is whether they have the source code for the database and scan engine as well.
     
  10. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    Very Good!!!
    Now what would be the next stepo_O?
    I think they should make an anti-virus (with different name- There is already an AV name N360 in the indian market) with that source code & direct the update definition to norton update servers...lol:argh:
    And if they sell it with cost lower than Norton, They could be millionaires...
    No need to publish it!!!!
    Just imaging;) , don't take me seriously:p
    And don't worry nobody's gonna publish Norton source code!!!!:isay:
     
  11. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    If the code is really 4+ years old it's just irrelevant. Parts of it might still be interesting but for the most part the stolen data is pretty much useless.
     
  12. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    I am so glad I use Microsoft's antivirus. They would NEVER let this happen.

    lol, kidding. :rolleyes:

    Yeah, this could happen to any of them pretty much. This is the whole security thru obscurity isn't security, but over popularity can lead to more attack attempts.
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I have heard that but would tend to disagree. I'm sure some of the code is reused for years. There is no way they completely start over every year, or even every 2. You'll notice how the same definitions apply to many different years of their product.
     
  14. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    if they had gotten hold of the code I am sure they would have been resourceful enough to have figured a way to release it by now,probably a ploy by a competitor to cause a few paranoid users to dump it and possibly move to their product:D
     
  15. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    4 years ago, Norton was still on weekly updates basically. Heuristics were mediocre, there was no SONAR or file reputation tech, nothing.
     
  16. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    "Symantec Gets Pwn3d: The Fallout" : http://www.infosecisland.com/blogview/19202-Symantec-Gets-Pwn3d-The-Fallout.html

    by Kevin McAleavey
     
  17. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    812
    Location:
    255.255.255.255
    if the code is old, then its worth nothing.

    else, it could be a huge damage.
     
  18. Sher

    Sher Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    366
    Location:
    Pakistan
    R.I.P. Norton!!! :cautious:
     
  19. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I still wouldn't dismiss it so quickly. From the following link: http://www.infosecisland.com/blogview/19182-Update-3-Hackers-May-Leak-Norton-Antivirus-Source-Code.html
    If there was code from 1998 in source code from 4 years ago you can be guaranteed that there is still some of this code in the current product. As has been mentioned on their own forums Norton Utilities 15 (the current version) uses vb6. Tell me that doesn't have old code in it. http://community.norton.com/t5/Other-Norton-Products/Norton-Utilities-15-will-not-run-on-W7-Pro-64-bit/m-p/442186#M33905
    Claiming it is irrelevant because it is old would be like saying a leak of the Windows XP source code today wouldn't matter because it is 11 years old. I'm not trying to slam Norton here as much as I think we should all be realistic about the fact that if ANY source code was leaked for any of their products that were capable of running on an OS that is still available and in use (XP, Vista) we should be concerned instead of just blowing it off. Their damage control will be to invalidate this story. It is what I would do.
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I see you're using kaspesky:-same claim was made by hackers about their source code a couple of years back,that claim turned out to be wrong/exaggerated,we all know how these hacker groups like to boost their ego's and kudos amongst their peers:-if this group had managed to get what they claim and it was relevant to current products it would be all over the net by now,current norton products work in an entirely differnt way to anything pre 2009(the 2010 range)
     
    Last edited: Jan 7, 2012
  21. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    8,625
    Location:
    USA
    I new someone would go there and I didn't take that claim lightly either. :p For the record I also own a current 3 user license for Norton Internet Security. Sandboxie and SRP are your friends. Or at least mine. :D
     
  22. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    wasn't using fact that you're using kaspersky to mean therefore you'll be knocking Norton was just saying a similar claim was made about their products not long back,and I dare say similar claims will be made in the future about most of the popular anti-malware vendors,its the kudos thing that so called hackers crave more than the actual effect/damage they cause
     
  23. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    What are you basing this on?

    We don't know how Norton's heuristic detection works on a code level. It could very well be similar to how it has always worked or worked for the last few years.

    What makes you think that there has been some big rewrite to the code?

    And it's already been confirmed that the code was stolen.
     
  24. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    well for start off insight!! Norton nowadays is more of an "in the cloud" product than a stand a alone product where all the protection components are on the users PC
     
  25. batsec

    batsec Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    26
    Location:
    Germany
    Hacker group is planning to release source code for Symantec's PCAnywhere software. YamaTough, the spokesperson for this group has tweeted.
    source: http://betteratsecurity.blogspot.com/2012/01/hacker-to-release-symantecs-pcanywhere.html
    and full story: http://www.infosecisland.com/blogview/19399-Hacker-to-Release-Symantecs-PCAnywhere-Source-Code.html
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.