Older Updates at end of article...
Reports are surfacing that the Indian hacker group known as "The Lords of Dharmaraja" is claiming to have come into possession of the source code for Symantec's flagship Norton Antivirus program.
The hackers have apparently posted on Pastebin a list of the files they obtained with the message "Complete listing of NAV source code package which is comming..." [sic], an indication that they intend to post the actual source code for the Symantec product.
Source code is the proprietary inner workings of any software, and a leak of this code would open the door for malware manufacturers to create viruses that could more effectively escape detection by the Norton AV product.
This breach could in turn render Norton AV ineffective as a defense tool and have a very serious impact on Symantec's bottom line and stock value.
While these reports have not been confirmed, security journalist Brian Krebs (http://krebsonsecurity.com/) made a brief reference to the rumor in a post on InAGist.com with a link to the Pastebin file list: "Indian hacker Group claims to have leaked source code file list for Norton Antivirus. Says source coming soon. http://t.co/D9L4fePT".
Infosec Island has contacted Symantec's management and is awaiting comment on the validity of the reports. We will be monitoring Krebs' site and other news feed sources for more information.
Hat tip to Richard Stiennon for sending us a Google cache of a Pastebin posting from "The Lords of Dharmaraja" that is no longer available, which states in part:
As of now we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI.
Now we release confidential documentation we encountered of Symantec corporation and its Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies.
Tancs spy programme preview:
Our first release with the Indian MI in Paris owned like shit:
And now first portion of Symantec docs: We want to ask Symantec WTF Indian MI have them at?
Again, hat tip to Richard Stiennon for sending us a Tweet he noticed in which someone calling themselves "YamaTough" is offering Brian Krebs the opportunity to interview them about the Norton AV source code breach:
The breach of the Norton source code is as of yet still unconfirmed, as is the identity of "YamaTough" and whether or not they actually have any connection to these events, be they actual or merely a spoof.
YamaTough has posted more information from the alleged breach on Google+ in an effort to prove this is not a spoof. An excerpt follows:
Yama Tough - 12:42 PM - Public
another internal doc from Symantec NAV src
Immune System Gateway Array Setup
Immune System QA group
Gateway Array Setup
This document discusses about setting up Gateway Array – 1, and references to the domain “gw01” are made throughout the document. While installing Gateway Array – 2 please follow the same document but use “gw02” wherever a reference to “gw01” is made.
Please follow the following instructions before setting up the hardware/software for gateway arrays.
For each Gateway Array
• Allocate IP names and addresses for each machine.
• Get DNS records for each
IP Name -> IP address
IP Address -> IP name
• Read the documentation for setting up DNS correctly, available in GWDNS.TXT file (in avis200.xxx directory). Test the DNS records with the test program GWDNS.PL (in avis200.xxx\src\testtools directory).
• You need the following CD’s for Gateway Array installation.
Microsoft Windows NT Server version 4.0
Microsoft Windows NT service pack 5
IBM DB2 Universal Enterprise Extended Edition version 6.1
IBM DB2 fixpack 2
IBM LotusGo for WinNT version 220.127.116.11
Microsoft Data Access version 2.1
Immune System build avis200.xxx
Initial definitions (VDB packages).
Dimension 4 Software (with custom-built config. files for Symantec)
Setup instructions for the machine “GW01DATA01”
The posted information is lengthy, so only an excerpt was reposted here.
More to come...