Update 3: Hackers May Leak Norton Antivirus Source Code

Thursday, January 05, 2012


Update: Symantec Confirms Source Norton AV Code Exposed

*   *   *

Update: File Appears to Contain 2006 Norton AV Source Code

*   *   *

Older Updates at end of article...

Reports are surfacing that the Indian hacker group known as "The Lords of Dharmaraja" is claiming to have come into possession of the source code for Symantec's flagship Norton Antivirus program.

The hackers have apparently posted on Pastebin a list of the files they obtained with the message "Complete listing of NAV source code package which is comming..." [sic], an indication that they intend to post the actual source code for the Symantec product.

Source code is the proprietary mechanics of any software, and the leak of this code would open the doors for malware manufacturers to create viruses that could more effectively escape detection by the Norton AV product.

This breach could in turn render Norton AV ineffective as a defense tool and have a very serious impact on Symantec's bottom line and stock value.

While these reports have not been confirmed, security journalist Brian Krebs (http://krebsonsecurity.com/) made a brief reference to the rumor in a post on InAGist.com with a link to the Pastebin file list: "Indian hacker Group claims to have leaked source code file list for Norton Antivirus. Says source coming soon. http://t.co/D9L4fePT".

Infosec Island has contacted Symantec's management and is awaiting comment on the validity of the reports. We will be monitoring Krebs' site and other news feed sources for more information.

Update One:

Hat tip to Richard Stiennon for sending us a Google cache of a Pastebin posting from "The Lords of Dharmaraja" that is no longer available which states in part:

As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI.

Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.

Tancs spy programme preview:

http://imgur.com/a/8XoGf

Our first release with the Indian MI in Paris owned like shit:

http://pastebin.com/0U4dWcUX

And now first portion of Symantec docs: We want to ask Symantec WTF Indian MI have them at?

Update Two:

Again, hat tip to Richard Stiennon for sending us a Tweet he noticed in which someone calling themselves "YamaTough" is offering Brian Krebs the opportunity to interview them about the Norton AV source code breach:

Krebs - Norton AV

The breach of the Norton source code is as of yet still unconfirmed, as is the identity of "YamaTough" and whether or not they actually have any connection to these events, be they actual or merely a spoof.

Update 3:

YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof. An excerpt follows:

Yama Tough - 12:42 PM - Public

another internal doc from Symantec NAV src
Immune System Gateway Array Setup

Rev 2

05/01/2000

Raju Pavuluri
Immune System QA group
IBM Research.

Gateway Array Setup

This document discusses about setting up Gateway Array – 1, and references to the domain “gw01” are made throughout the document. While installing Gateway Array – 2 please follow the same document but use “gw02” wherever a reference to “gw01” is made.

Please follow the following instructions before setting up the hardware/software for gateway arrays.


For each Gateway Array

• Allocate IP names and addresses for each machine.

gw01data01.gw01.dis.symantec.com
gw01entry01.gw01.dis.symantec.com
gw01inside01.gw01.dis.symantec.com
gw01sample01.gw01.dis.symantec.com
gw01def01.gw01.dis.symantec.com
gw01def02.gw01.dis.symantec.com
gw01def03.gw01.dis.symantec.com

• Get DNS records for each

IP Name -> IP address
IP Address -> IP name

• Read the documentation for setting up DNS correctly, available in GWDNS.TXT file (in avis200.xxx directory). Test the DNS records with the test program GWDNS.PL (in avis200.xxx\src\testtools directory).

• You need the following CD’s for Gateway Array installation.

Microsoft Windows NT Server version 4.0
Microsoft Windows NT service pack 5
IBM DB2 Universal Enterprise Extended Edition version 6.1
IBM DB2 fixpack 2
IBM LotusGo for WinNT version 4.6.2.6
Microsoft Data Access version 2.1
Immune System build avis200.xxx
Initial definitions (VDB packages).
Dimension 4 Software (with custom-built config. files for Symantec)

Setup instructions for the machine “GW01DATA01”

The posted information is lengthy, so only an excerpt was reposted here.

More to come...

jhunax Astillero: Hey it's a nice post you got here and I enjoyed reading your article. I hope to find some nice news here. And of course I bookmarked it, Thank you for sharing!!

follow me at: http://www.meditation-training.com