X

Hackers threaten to release Symantec source code Tuesday

Code is thought to have been stolen from servers run by the Indian military, but the company says the code is from 2006 and is no threat to users of the current antivirus product.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

Hackers thought to have stolen source code from the Symantec's extended network have threatened to release the source code for Norton Antivirus on Tuesday, but the company says such a release poses no threat.

The hackers, who call themselves "Yama Tough" and employ the "Anonymous" mask in its Twitter avatar, said in a tweet Saturday that they would release the 1.7GB source code on Tuesday. "The rest will follow...," they added.

Several reports surfaced earlier this month that hackers had managed to access the source code for certain Symantec products. Symantec identified the products as Symantec Endpoint Protection (SEP) 11.0 and Symantec Antivirus 10.2, but said the attack did not affect any current Norton consumer products.

The hackers said they found the code after breaking into servers run by Indian military intelligence. The code was apparently left on the servers by mistake after Indian authorities inspected the source code to ensure it was secure. And that's where the hackers found the code.

The group said in a Pastebin post that it had the "source codes of dozens of companies" and contained documentation describing the API procedures for Symantec's virus definition generation service. The group's post on the Pastebin site has since been removed, though a Google cached version still exists.

Symantec said in a statement to CNET sister site ZDNet that code posted to Pastebin was related to a 2006 version and is "no longer sold or supported."

"The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities," the company said in a statement.

Rob Rachwald, director of security strategy at Imperva, wrote in a blog post that the incident was "embarrassing on Symantec's part" but not likely to "keep the Symantec folks awake too late at night, and certainly not their customers."

If the source code had been recent and the hackers were able to poke enough holes in it, then exploiting the software could be possible, noted Rachwald. But there's not much they can learn from old code.