Symantec Targeted in Source Code Extortion Scheme

Sunday, May 06, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Symantec was the target of an unsuccessful extortion scheme devised by an unknown group on Friday, May 4th.

The extortionists, who go by the name "l3g4nd crew", claimed to be in possession of the complete source code for the company's Norton antivirus product.

In a Pastebin posting, the group threatened to release the code today if Symantec did not engage in negotiations and succumb to a demand for a monetary payoff.

The original Pastebin posting also contained a sample of code, but the page is no longer avalable.

The following Pastebin post, which was still present at the time this article was written, contains a copy of the extortion threat, but no sample of code:

Dear Symantec officials,

We would like to inform you that we finally exploited Norton internet security 2012, this exploit made an error in Norton and by mistake exposed its FULL SOURCE CODE, we then checked it several time to be sure, also we would like to tell you that you fool highness inserted a lot of sensitive information in the code, we actually disclosed the top secret virus protection technique of Symantec Norton 2012 and we will be publishing it on Monday unless we had a little t$lk, the source code will also be published on several paste websites including this site, and also for informational reasons the source code  will be identified by this hashed title:

"bDNnNG5kQHlhaG9vLmNvbQ=="   

search pastebin.com on Monday for it if Symantec didn't just give me the demand$.

l3g4nd crew. our email : l3g4nd@yahoo.com to discus about th$.

Infosec Island editors contacted Symantec officials last Friday and provided them with the link to the Pastebin post after becoming aware of the scheme by way of a Google Alerts notification.

“Symantec’s internal information security team has analyzed the code that was posted and has determined it is NOT Symantec source code," Cris Paden, Sr. Manager for Corporate Communications at Symantec, said in an email statement provided to Infosec Island.

"Without disclosing our process of testing and tip our hand to hackers for a continued possible workaround, our team has determined, in effect, the program/code in question is a DOS batch file, i.e., a utility, designed to keep Microsoft Office 2010 in a perpetual trial mode.  More information can be found at:  http://forums.mydigitallife.info/threads/23462-IORRT-The-Official-Office-2010-VL-Rearm-Solution," Paden said.

Symantec assures that there was not breach of the 2012 Norton source code, and that end users are not vulnerable to any product exploits.

"The reference to 'Norton' is actually inserted into a hacking program used to execute the utility (back-up copies and files are needed to transfer information as part of the process to get MS office trial mode to run in perpetuity).  As such, this is NOT Norton source code that has been posted, this is not a hack of Norton source code, and this does no pose a threat in any way to Norton products,” Paden explained.

No further details on the event are available.

Possibly Related Articles:
7957
Breaches
Software
Antivirus Software Symantec Headlines hackers Norton Source Code Extortion l3g4nd crew
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.