Symantec now admits to cyber attack on code in 2006

An older version of the source code created for Symantec's anti-virus and other software security products came directly from Symantec's own servers, rather than from a third party as the company previously had stated a few days ago.

According to a story on Reuters, a Symantec spokesperson said that the source code was obtained back in 2006 for a number of the company's software products. The company currently has no information on how the source code was obtained. It's also not known why it took five years for this issue to resurface.

The source code products included Norton Antivirus Corporate Edition, Norton Internet Security, Norton Utilities, Norton GoBack and pcAnywhere. Symantec said that, with one exception, any release of the source codes of these products on the Internet are no threat to any of its customers that are running the current versions of these software products.

The one exception is the pcAnywhere product which Symantec admits to a slight issue with security. A spokesperson said, "Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information."

Last week a hacker group known as the The Lords of Dharmaraja released the source code for the 2006 version of Norton Utilities. The group said they were going to release the source code for Norton Antivirus on Tuesday but so far there's no indication that has happened yet.

Report a problem with article
Previous Story

Wikipedia goes dark for SOPA protest; others join in

Next Story

SOPA hearings to resume in February in US House

18 Comments

Commenting is disabled on this article.

well well well. gee. if you can't trust your anti-virus vendor, who can you trust, eh? lmfao.

count myself lucky that i got rid of anything from norton / symantec ever since they migrated from ms-dos to windows. yes. they have been going down hill that long. and yet. new generation of idiots keep sustaining their lifeline. pathetic.

You wouldn`t have thought the source code would be available on a network except maybe a local intranet. Seriously that`s just asking for it really!
Also maybe the Indian government was not hp about Symantec blaming them when it wasn`t their system that was breached...

I pay for Kaspersky and will continue to do so Norton and McAfee are **** and i dont like the other recommended suites like NoD and esat/set

Xoligy said,
I pay for Kaspersky and will continue to do so Norton and McAfee are **** and i dont like the other recommended suites like NoD and esat/set

Yes, Norton and McAfee are $#!% but that doesn't mean you have to pay for Kaspersky. Have you tried Microsoft Security Essentials? It's actually quite good for a free piece of software. Even if Kaspersky were free, I would still use MS Security Essentials. You probably get some different/more advance features though with Kaspersky so I shouldn't jump to conclusions.

este said,

Im curious to know why as well

same here, there has been no company fighting security as much as MS has the left few years (took them a kick in the butt to get started on that tho) and noone but MS knows their OS as well.

One of many reasons I always tell people to not EVER pay for anti-virus solutions. How many people place their trust in companies like this, and give them money, only for the company to be made a fool of? How many viruses were able to bypass Symantec security solutions because the virus author had access to the Symantec source code, and therefore the ability to write malicious code that would go undetected.

Gerowen said,
One of many reasons I always tell people to not EVER pay for anti-virus solutions. How many people place their trust in companies like this, and give them money, only for the company to be made a fool of? How many viruses were able to bypass Symantec security solutions because the virus author had access to the Symantec source code, and therefore the ability to write malicious code that would go undetected.

That's not how it works.

ShareShiz said,
I will never trust Symantec ever again now.

You've got to wonder if anything else has been stolen from their servers, and if they are keeping that secret too.

More likely though they wouldn't even realise if someone had stolen their code.

I never trusted Symantec. Their Antivirus is a slow, bloated piece of crap!

Use Eset Smart Security. That stuff's so fast and your system's never hindered by its presence.

dvb2000 said,

You've got to wonder if anything else has been stolen from their servers, and if they are keeping that secret too.

More likely though they wouldn't even realise if someone had stolen their code.

shra1 said,
I never trusted Symantec. Their Antivirus is a slow, bloated piece of crap!

It hasn't been that for at least the last two versions.

shra1 said,
I never trusted Symantec. Their Antivirus is a slow, bloated piece of crap!

Use Eset Smart Security. That stuff's so fast and your system's never hindered by its presence.

This is actually no longer the case. Norton re-wrote their products from the ground up around 2009 to be extremely light weight. I am currently running Norton AV 2012 and it takes only 2 processes with a total footprint of about 15 MB of RAM. So this source code is likely not very useful to anyone who is looking to mount any sort of attack.

This really shouldn't be news at this point. We're talking about something that happened 6 years ago.

nytiger73 said,

This is actually no longer the case. Norton re-wrote their products from the ground up around 2009 to be extremely light weight. I am currently running Norton AV 2012 and it takes only 2 processes with a total footprint of about 15 MB of RAM. So this source code is likely not very useful to anyone who is looking to mount any sort of attack.

This really shouldn't be news at this point. We're talking about something that happened 6 years ago.

He obviously hasnt used Norton in a long time if he uses Eset now :\

este said,

He obviously hasnt used Norton in a long time if he uses Eset now :\

Exactly. Everyone hates on Norton's products when they haven't used them in years. Yes, at one time they were bloated pieces of crap. But things have changed, and I prefer it over anything else currently. Even MSE. If MS could get the memory footprint down to where Norton is, I might switch. But every time I've used MSE it uses in upwards of 80-100MB of RAM. I know in this day and age of machines with multiple GB of RAM that really isn't an issue, but I prefer to use programs which are as lightweight as possible.

nytiger73 said,

Exactly. Everyone hates on Norton's products when they haven't used them in years. Yes, at one time they were bloated pieces of crap. But things have changed, and I prefer it over anything else currently. Even MSE. If MS could get the memory footprint down to where Norton is, I might switch. But every time I've used MSE it uses in upwards of 80-100MB of RAM. I know in this day and age of machines with multiple GB of RAM that really isn't an issue, but I prefer to use programs which are as lightweight as possible.


MSE memory footprint
Security Essentials Version: 4.0.1113.0
Antimalware Client Version: 4.0.1113.0
Engine Version: 1.1.8001.0

= 105MB total

if your ****ing and moaning about a hundred megabytes used then seriously you need to upgrade the amount of ram your system has.... with 4GB in my system I don't even notice MSE running