Symantec: Hackers did steal code, but it's old

By on
Symantec: Hackers did steal code, but it's old

Symantec has confirmed reports hackers compromised a portion of its source code, but claimed the stolen code is related to two enterprise security products that have been discontinued.

The code belonged to Endpoint Protection 11.0 and Antivirus 10.2, which are four and five years oldrespectively. Symantec's consumer security line, Norton, was not affected.

"Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solution," the company said in a Facebook update. "Furthermore, there are no indications that customer information has been impacted or exposed at this time."

Symantec said an unnamed third-party network, not its own, was breached.

Last Thursday a cyber gang named The Lords of Dharmaraja claimed in a Pastebin document to possess source code belonging to a dozen software companies. A second document contained a sneak peak of the Symantec source code and promised a complete exposure.

A spokesman for the anti-virus company originally denied that any of the documents revealed code, but the company has since confirmed one did include a segment of the programming language.

Experts said the age of the code will likely prevent misuse.

"In general, there isn't much hackers can learn from the code which they hadn't known before," director of security strategy at Imperva, Rob Rachwald, said. "Why? Most of the anti-virus product is based on attack signatures. By basing defenses on signatures, malware authors continuously write malware to evade signature detection. With code that is four to five years old, chances are the software product has changed quite a bit, making the code even less useful."

This article originally appeared at

Copyright © SC Magazine, US edition

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register


What's the biggest risk when partnering with other partners?
They might steal my clients
Loss of profitability
They might provide poor service to my clients
Lack of accountability, risk of finger-pointing
View poll archive

Log In

Username / Email:
  |  Forgot your password?