Seems like we've heard this before, but Symantec spokesman Cris Paden said on Friday that hackers have published the source code to Norton Antivirus 2006 in the last 24 hours. The good news is that the leak doesn't pose as a threat to the millions of subscribers who have the software installed on their system.
"The code that has been exposed is so old that current out-of-the-box security settings will suffice against any possible threats that might materialize as a result of this incident," Paden said.
Norton Antivirus 2006 is one of many leaks dumped on the internet by Lord of Dharmaraja, a group affiliated with Anonymous. Symantec previously admitted that the group hacked into one of Symntec's servers and obtained the source code of many Symantec products, including Norton Antivirus 2006.
Since then, the hactivist group has released the source code to Norton Utilities and pcAnywhere, the latter of which required an upgrade after the source code went public. Symantec urged customers to disable pcAnywhere until the upgrade was issued, indicating that the leak posed a possible security risk despite the source code's age.
On Thursday the source code leak for Norton Antivirus 2006 was announced on Twitter, reporting that the torrent resided on file-sharing site The Pirate Bay. The file itself weighs at 1.07 GB and contains the source code to a number of Symantec products including the consumer edition, the corporate edition, and additional files for Windows, Unix and NetWare. A note attached to the torrent calls for the release of the LulzSec hackers who were arrested earlier this week thanks to the group's backstabbing leader, Hector Xavier Monsegur. He was not among the list to be freed.
Following reports that the Norton Antivirus 2006 source code was released, Symantec provided an official statement, assuring customers that there's nothing to worry about.
"Symantec is aware of the claims made by Anonymous that it has recently posted source code for the 2006 version of Norton Antivirus," the company states. "We are still in the process of analyzing the code to confirm its authenticity. As we have already stated publicly, this is old code, and Symantec and Norton customers will not be at an increased risk as a result of any further disclosure related to these 2006 products."