Symantec confirms breached data was leaked

News by Dan Raywood

Symantec has confirmed that source code for its Norton anti-virus product has been leaked.

Symantec has confirmed that source code for its Norton anti-virus product has been leaked.

As reported by SC Magazine, the security software vendor was forced into a blackmail battle with a hacker who claimed to have the the source code to Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. The hacker, ‘YamaTough', attempted to get $50,000 from Symantec, threatening to release the source code (which Symantec confirmed was six years old).

In a statement, Symantec confirmed that the source code was authentic. It said: “The exposure of this code poses no increased risk to Norton or Symantec customers. This code is part of the original cache of code for 2006 versions of the products that Anonymous has claimed to possess over the last few weeks.

“We anticipated that the code would be posted. As we have already stated publicly, our analysis shows that due to the age of the exposed code and the fact that it is only a small subset of the complete code, Symantec anti-virus or endpoint security consumer and business customers – including anyone running Norton products – should not be in any increased danger of cyber attacks resulting from this incident.

“We also anticipate that Anonymous will post the rest of the code they have claimed to have in their possession. So far, they have posted a small portion of the source code for the 2006 versions of Norton Utilities, pcAnywhere, and Norton Antivirus. We also anticipate that at some point, they will post the code for the 2006 versions of Norton Internet Security. Again, the code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialise as a result of this incident.”

According to a report from The Hacker News, the code was posted on the Pirate Bay with a download size of 1.07GB. The file has a note that asks for the liberation of the LulzSec members who were recently arrested, minus Hector Monsegur, aka 'Sabu'.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews