Saturday, January 7, 2012

One Per Cent

Symantec confirms antivirus source code hack

Jacob Aron, technology reporter
Security software firm Symantec has confirmed that an Indian hacking group has gained access to the source code of the company's popular Norton Antivirus software, though it says the code relates to an older version of the software and cannot be put to malicious use.
Yesterday, a group called The Lords of Dharmaraja posted a document on Pastebin (now removed, but available from Google's cache) that it claimed contained confidential information relating to the Norton Antivirus source code. Norton Antivirus is one of the world's most popular antivirus software packages, relied upon by millions of computer users worldwide.
Symantec had originally dismissed the claims, saying the document actually contained publicly available information about their software dating from 1999. But later, a hacker known as Yama Tough provided security site Infosec Island with files that appeared to contain source code from the 2006 version of Norton Antivirus.
The site passed the code on to Symantec, who then confirmed in a statement that it was genuine. "Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued," says the company, adding that this had no effect on the consumer versions of its products.
Symantec also says that the source code was not lifted from its own network, but from an as yet unconfirmed third party. In their Pastebin release, The Lords of Dharmaraja claim they took the files from Indian military intelligence servers.
It is not yet clear how hackers might use the leaked source code or how much of it remains in new versions of the Symantec software. Rob Rachwald, of data security firm Imperva, says that hackers have already analysed most antivirus algorithms in an attempt to defeat them, and it might actually be Symantec's competitors that benefit most from access to the source code.
"If the source code is recent and hackers find serious vulnerabilities, it could be possible to exploit the actual anti-virus program itself," he says. "But that is a big if and no one but Symantec knows what types of weaknesses hackers could find."
The hack mirrors an attack last year on security firm RSA, which provides SecurID tokens used to grant access to corporate networks and online bank accounts. The attack may have ultimately led to hack attempts on stealth-fighter maker Lockheed Martin and the International Monetary Fund, which both use the SecurID tokens.
Meanwhile, security firm Seculert has discovered a virus that has successfully stolen login details from over 45,000 Facebook accounts. The virus, dubbed Ramnit, was previously discovered by Microsoft in 2010 infecting Windows files and stealing passwords. It now seems to have "gone social" in order to acquire more victims.
