Anonymous leaks 2006 source code for Norton AntiVirus

Anti-virus is a big market, particularly on Windows operating systems, and companies will do anything to keep their code secure. Each company claims its anti-virus product is better than its competitors', and nobody wants to even consider the possibility of their code being publicised. Symantec have landed in some hot water as a direct result of this, with their Norton AntiVirus source code having been accessed.

As reported by ZDNet, the source code for Norton 2006 was leaked by Anonymous, who are quickly gaining media attention for their actions. Symantec previously acknowledged that Anonymous had some of the source code, but not the entirety of it. In their own words they described it as being only a 'segment' of the code. 'Stun', a member of the hacking fraternity, announced their latest acquisition over Twitter, linking to a file on The Pirate Bay.

The file weighs in at 1.07GB, including source code for the consumer and corporate versions, as well as files relating to the different operating systems it was made available for. It was suggested that the code was accessed from a server related to the Indian intelligence service, but this seems questionable. Symantec themselves have not commented on the identity of the third party that allowed the code to leak.

According to belief, the Indians wanted to inspect the code to ensure it was secure before making use of the product. Symantec allowed them to examine the code, and after determining it was secure, it was left on a network with poor security. It may very well be the same network that the Anonymous hackers used to gain access to the code. Symantec claims that the 2006 code poses no danger to users of newer versions of the software. The code has reportedly been completely changed since then and bears no resemblance to the 2006-era version of the popular anti-virus tool, so those running Norton should be able to continue to do so without any real issues being raised.

Finally, the torrent file comes with an additional file. It is a note listing the names of Anonymous members whom they want to see released. The list contains one notable exception: Hector Xavier Monsegur, better known as 'AnonymousAbu' or 'Sabu'. Sabu was known to have led the hacking group LulzSec during the past year, but controversy mounted when it was found Sabu had been compromised and may have been reporting on the actions of his friends to the FBI.

45 Comments


For those in the know he didn't hack anything. He was given the code to look 1337 and then used this image knowingly, intelligently and voluntarily.....

Does anyone really care about a SC that is over 6 years old? Unless you just wanted to see what kind of code writing Symantec was doing at the time.

Other than that...a 6 year S.C. is of no use to anyone.

Hmm surprised the Kaspersky leak wasn't mentioned..

the 2008 KAV c++ source code has been leaked for a long time now.
it's 181mb in a .rar file
671mb extracted

I think the value of an anti-virus is in the virus definitions, not in the source code of the engine. Plus wasn't this one of the versions that made everything tremendously slow, and it was completely re-worked with 2009 and later. So in short no one cares.

xpclient said,
I think the value of an anti-virus is in the virus definitions, not in the source code of the engine. Plus wasn't this one of the versions that made everything tremendously slow, and it was completely re-worked with 2009 and later. So in short no one cares.

Correct, it was reworked with the 2007 version though, not the 2009 version, when Vista was released. This was because all NAV and NIS versions prior to the 2007 version used ActiveX controls for everything.

Since Vista Sandboxes IE, Symantec had to significantly rewrite their software to remove the reliance on ActiveX.

Edited by neo158, Mar 11 2012, 12:41am :

I love how people downplay everything Anonymous does. Is it jealousy? I don't care about what they do but at least give them some credit where due.

Anooxy said,
I love how people downplay everything Anonymous does. Is it jealousy? I don't care about what they do but at least give them some credit where due.

It's just Neowin Nature. But back to the Subject releasing a source code is releasing a source code THOUGH it may be old it reveals how some of the features work I don't know about you but I'm damn sure Norton just go ohhh it's time for 2013 edition time to COMPLETELY rewrite The entire source code... They simply use 2012 source code and improve on it whether it's removing a couple of lines or adding some more lines to it or even changing a string of a line.

Anooxy said,
I love how people downplay everything Anonymous does. Is it jealousy? I don't care about what they do but at least give them some credit where due.

I and thousands of others can find more valuable things to do with our time than go around hacking and ****. I bet you these are all kids and 25 year olds in their mother's basements.

You can criticize something for many reasons. Jealousy doesn't need to be one of them. For many legit reasons, some people simply don't care for what Anon does.

CMG_90 said,
I and thousands of others can find more valuable things to do with our time than go around hacking and ****. I bet you these are all kids and 25 year olds in their mother's basements.

And I'm pretty sure a thousand others can find more valuable things to do with their time than you. Your way is not the correct way. However, I'm unable to judge about your age because of that. Do you have magic powers?

COKid said,
You can criticize something for many reasons. Jealousy doesn't need to be one of them. For many legit reasons, some people simply don't care for what Anon does.

It makes no sense if someone doesn't care and posts in every Anon news that Anon are just kids, they're not doing anything bla bla bla... that outright looks like jealousy.

Anooxy said,
I love how people downplay everything Anonymous does. Is it jealousy? I don't care about what they do but at least give them some credit where due.

This, and the people who sit there and bash Anon are doing it to feel rebellious, or because they think they will get the backing of people. Which in reality is very sad, as they aren't leaders, just followers wanting to be in the biggest group.

ThePitt said,
a six years old code from an antivirus, which changes by the hour.

uh, no, the definition files change by the hour..maybe.

Not sure what's Anonymous' agenda any longer? Are they into 0 zero now? Or warez? Or they did this with some weird prisoner exchange scheme in mind...? Or what? Anyway, not good, but all those companies (looks long and hard at Microsoft) who place their chips on security through obscurity have it coming.

By the way this is just hilarious:
"According to belief, the Indians wanted to inspect the code to ensure it was secure before making use of the product. Symantec allowed them to examine the code, and after determining it was secure, it was left on a network with poor security."

Breach said,
Not sure what's Anonymous' agenda any longer? Are they into 0 zero now? Or warez? Or they did this with some weird prisoner exchange scheme in mind...? Or what? Anyway, not good, but all those companies (looks long and hard at Microsoft) who place their chips on security through obscurity have it coming.

By the way this is just hilarious:
"According to belief, the Indians wanted to inspect the code to ensure it was secure before making use of the product. Symantec allowed them to examine the code, and after determining it was secure, it was left on a network with poor security."

the people with the slightest intelligence moved on so they are now catering to the 10 yr olds that still think they are cool. Think of them as the bully that everyone forgot about that sits there and yells "look at me somebody".

Norton was completely re-written since the 2006 version. In 2006, it slowed down disk access by 25x. Now it's a reasonably good antivirus.

That code might be useful in a "spot the hundreds defects in these ten lines of code" CS course, though.

Aethec said,
Norton was completely re-written since the 2006 version. In 2006, it slowed down disk access by 25x. Now it's a reasonably good antivirus.

That code might be useful in a "spot the hundreds defects in these ten lines of code" CS course, though.


Symantec claimed the same thing about the PC Anywhere source that got leaked. There's already been multiple exploits discovered for the new version through looking at the old source, some hackers claim to be able to take over an entire computer if it's got PC Anywhere (current version) installed.

It's a bad day when I'm fairly certain that hackers are more trustworthy than a security company...

Also, as a programmer, when you see someone claim that a program/engine has been entirely rewritten, you instantly know that the person is in PR, because it's nonsense.

Uhyve said,

Symantec claimed the same thing about the PC Anywhere source that got leaked. There's already been multiple exploits discovered for the new version through looking at the old source, some hackers claim to be able to take over an entire computer if it's got PC Anywhere (current version) installed.

It's a bad day when I'm fairly certain that hackers are more trustworthy than a security company...

Also, as a programmer, when you see someone claim that a program/engine has been entirely rewritten, you instantly know that the person is in PR, because it's nonsense.

There are good and bad hackers.

I had Norton on my PC in 2006, and dear god it was crappy. I couldn't imagine why anyone would be interested in the source code.

bgjerlow said,
I had Norton on my PC in 2006, and dear god it was crappy. I couldn't imagine why anyone would be interested in the source code.

If you are just starting out in high level programming then it would be useful

Why would people care about Norton 2006? Anon must have their yrs backwards.... Think they would do that for the most recent versions

TCA said,
Why would people care about Norton 2006? Anon must have their yrs backwards.... Think they would do that for the most recent versions

Because closed source means no one checks the code for holes unless someone exploits it external to the people working on it. This is usually the only time when something is patched, and only when it's brought to light via public security notices.

What we've seen here is people with rogue access to source code, where they can pick apart all aspects going through the code looking for possible ways to exploit it and see the exact inner workings of how it detects virus what ever other little tricks it does, ie monitor services, processes etc.

Symantec has already released several updates due to the code being taken, so it's proof that there have been holes in the software at some point and that Symantec have done an audit on the code to check for any possible bugs. So it seems that even the latest version of the antivirus still has at least some basic building blocks of how it works, dating right the way back to 2006 (or earlier).

However, the code is from 2006, so it's entirely possible that they've had access to the source code server from that date (or earlier) and have been using exploited code since then. For sure that'd be one of the best ways to add additional ease of hack if you can get your virus/trojan etc into the system without it even being detected in the first place, and if those exploits that are still in that latest version until patched then it'd make sense to release it now if the last of the major bugs have been closed or just to show the power anonymous holds over big security companies like Symantec.

I'm sure both anonymous and Symantec know a lot more about the hacking that's gone on than they're willing to let on.

Oh noes, Anon has 6-year-old code that has no effect on anyone whatsoever.

The whole "Anon vs Sabu" thing is even more childish than these script-kiddies thinking 6-year-old code is useful in any way.

joep1984 said,
Oh noes, Anon has 6-year-old code that has no effect on anyone whatsoever.

The whole "Anon vs Sabu" thing is even more childish than these script-kiddies thinking 6-year-old code is useful in any way.

So if someone leaked out Windows Vista code from 2006 this wouldn't affect things of today? Software is usually improved upon rather than just scrapped and recoded every release. It might be from 2006 but it can still prove valuable to some today.

Tony. said,

So if someone leaked out Windows Vista code from 2006 this wouldn't affect things of today? Software is usually improved upon rather than just scrapped and recoded every release. It might be from 2006 but it can still prove valuable to some today.

In this case you're wrong, NIS has changed significantly since 2006 and the most notable change was the move away from ActiveX controls because of Vista. So joep1984 is right, this leak is nothing special.

Oh and comparing the leak of an OS to the leak of old, outdated security software is just stupid. The leak of OS source code would be more damaging because an OS has its code refined and improved from the previous version.

joep1984 said,
Oh noes, Anon has 6-year-old code that has no effect on anyone whatsoever.

Many corporations are still using Symantec products that old. If the software was properly written, then even with the source code there would be no risk to systems using it. The fact that Symantec are worried over its release, shows that the code is full of security holes, many of which are probably still in their products today.

neo158 said,

In this case you're wrong, NIS has changed significantly since 2006 and the most notable change was the move away from ActiveX controls because of Vista. So joep1984 is right, this leak is nothing special.

Oh and comparing the leak of an OS to the leak of old, outdated security software is just stupid. The leak of OS source code would be more damaging because an OS has its code refined and improved from the previous version.

You've clearly never written software or you would know that no software company ever scraps an entire code base then starts over again. Symantec may have rewritten a lot of their AV but chances are they ported (or just plain copied) various routines and logic from the old code base to the new code. I'm sure they've added and replaced a lot of the core AV logic since they changed the way their product works but I can see them re-using code for various standard operations like file or registry ops, memory handling, enumeration methods, API calls, and perhaps even parts of Live Update. Software companies will keep a code repository and use/improve on it over time so the chances of a decent portion of that code being used in their current products is very real.

Tony. said,

So if someone leaked out Windows Vista code from 2006 this wouldn't affect things of today? Software is usually improved upon rather than just scrapped and recoded every release. It might be from 2006 but it can still prove valuable to some today.

but it isn't vista, it's norton, a 6 year old source code not in use... why bring up vista? i do not know for sure, but HIGHLY doubt any of it is useful in any way

Cøi said,

Who? Anonymous or Symantec?

Symantec obviously. Any security company who are good at what they do, know that "Security by obscurity" never works and will ALWAYS be hacked.