Update 3: Hackers May Leak Norton Antivirus Source Code

Thursday, January 05, 2012



Update: Symantec Confirms Source Norton AV Code Exposed

*   *   *

Update: File Appears to Contain 2006 Norton AV Source Code

*   *   *

Older Updates at end of article...

Reports are surfacing that the Indian hacker group known as "The Lords of Dharmaraja" is claiming to have come into possession of the source code for Symantec's flagship Norton Antivirus program.

The hackers have apparently posted on Pastebin a list of the files they obtained with the message "Complete listing of NAV source code package which is comming..." [sic], an indication that they intend to post the actual source code for the Symantec product.

Source code is the proprietary inner workings of a software product, and the leak of this code would open the door for malware authors to create viruses that could more effectively escape detection by the Norton AV product.

This breach could in turn render Norton AV ineffective as a defense tool and have a very serious impact on Symantec's bottom line and stock value.

While these reports have not been confirmed, security journalist Brian Krebs (http://krebsonsecurity.com/) made a brief reference to the rumor in a post on InAGist.com with a link to the Pastebin file list: "Indian hacker Group claims to have leaked source code file list for Norton Antivirus. Says source coming soon. http://t.co/D9L4fePT".

Infosec Island has contacted Symantec's management and is awaiting comment on the validity of the reports. We will be monitoring Krebs' site and other news feed sources for more information.

Update One:

Hat tip to Richard Stiennon for sending us a Google cache of a Pastebin posting from "The Lords of Dharmaraja" that is no longer available, which states in part:

As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI.

Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.

Tancs spy programme preview:


Our first release with the Indian MI in Paris owned like shit:


And now first portion of Symantec docs: We want to ask Symantec WTF Indian MI have them at?

Update Two:

Again, hat tip to Richard Stiennon for sending us a Tweet he noticed in which someone calling themselves "YamaTough" is offering Brian Krebs the opportunity to interview them about the Norton AV source code breach:

Krebs - Norton AV

The breach of the Norton source code is as yet unconfirmed, as is the identity of "YamaTough" and whether or not they actually have any connection to these events, be they actual or merely a spoof.

Update 3:

YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof. An excerpt follows:

Yama Tough - 12:42 PM - Public
another internal doc from Symantec NAV src
Immune System Gateway Array Setup

Rev 2


Raju Pavuluri
Immune System QA group
IBM Research.

Gateway Array Setup

This document discusses about setting up Gateway Array – 1, and references to the domain “gw01” are made throughout the document. While installing Gateway Array – 2 please follow the same document but use “gw02” wherever a reference to “gw01” is made.

Please follow the following instructions before setting up the hardware/software for gateway arrays.

For each Gateway Array

• Allocate IP names and addresses for each machine.


• Get DNS records for each

IP Name -> IP address
IP Address -> IP name

• Read the documentation for setting up DNS correctly, available in GWDNS.TXT file (in avis200.xxx directory). Test the DNS records with the test program GWDNS.PL (in avis200.xxx\src\testtools directory).

• You need the following CD’s for Gateway Array installation.

Microsoft Windows NT Server version 4.0
Microsoft Windows NT service pack 5
IBM DB2 Universal Enterprise Extended Edition version 6.1
IBM DB2 fixpack 2
IBM LotusGo for WinNT version
Microsoft Data Access version 2.1
Immune System build avis200.xxx
Initial definitions (VDB packages).
Dimension 4 Software (with custom-built config. files for Symantec)

Setup instructions for the machine “GW01DATA01”

The posted information is lengthy, so only an excerpt was reposted here.

More to come...

Anthony M. Freed Updated with some additional information - though no actual source code leaked yet. Given that we don't know how long the source code has been compromised, there is the possibility that there are already exploits in the wild that could threaten consumers and, more so, companies that depend on Norton AV to protect their networks. If this leak is confirmed, this will be bigger than the RSA SecurID breach, as there will be no easy fix (like RSA issuing new keys)...
Cris Paden Hi. Cris Paden with Symantec. Be advised we investigated the original claim that NAV source code had been exposed and found it to be false. The information posted was actually a document from 1999 explaining how the software worked, but did not include any actual source code. FYI.
Anthony M. Freed Cris - thanks for the info. We are, of course, hoping all this turns out to be a load of baloney. Feel free to send me any statements you wish included in further updates: anthonymfreed at gmail dot com
Bobby Mann I'm tired of these activist scumbags getting airtime. How about breaking the "story" when there is one. Looks like old code to me, WHO CARES.
john flynn I agree! The information posted was actually a document from 1999 explaining how the software worked, but did not include any actual source code. FYI.

Dierk Bauer Thanks for everything guys
Angelo Alba They will hopefully now leak it...fingers crossed!

Bill Phillips These things just create more problems, anyway, I have total faith in the ability of Norton programmers to make the necessary adjustments to adapt to these malicious individuals.

Steve watson This is very interesting. Thanks for sharing it, looks very informative blog. Great post with useful tips. Thanks for sharing.
Steve watson It's amazing to see someone put so much passion into a subject. I'm glad I came across this. I'm glad I took the time to read on past the first paragraph. I hope people realize this and look into your page.
amanda ana Very interesting post, the post is very old but still it has value and great information. Do you have any update about today's software?
