Symantec Confirms Norton AV Source Code Exposed

An unidentified hacker, going by the handle YamaTough, appears to have source code for the 2006 version of Symantec’s Norton antivirus product.

Symantec’s response has been the following:

“Symantec can confirm that a segment of its source code has been accessed.  Symantec’s own network was not breached, but rather that of a third party entity.”

“We are still gathering information on the details and are not in a position to provide specifics on the third party involved.”

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions.  Furthermore, there are no indications that customer information has been impacted or exposed at this time.”

“However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information.  We will communicate that process once the steps have been finalized.”

“Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.”

Though the code is for an older version of the Norton antivirus product, the impact of the exposure is still as of yet undetermined, and several questions remain:

• As the file provided to Symantec was merely a sample of the material YamTough claimed to be in possession of, does that mean that code for more recent editions have not been compromised as well?

• What was the “third party” – presumably some entity related to the Indian government – doing in possession of the source code for the Symantec product?

• How much information would source code from 2006 provide to malware authors assuming that the entire product has not been reinvented from scratch since the time this code was produced?

Stay tuned for more as this story develops into what could be one of the biggest data loss events of 2012, and just less than one week into the new year.

Advertisements

About SCB Enterprises
System Solutions and Integration

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: