Leaked Symantec source code is five years old

Following claims made by a Indian hacker group that they are in possession of source code for Symantec’s Norton Antivirus solution and that they plan to post in online, the security company has initiated an investigation into the matter, Computerworld reports.

The hackers, who dubbed themselves Lords of Dharmaraja, have eventually posted some code and documents. Symantec has analyzed it all and said that one of the documents – dated April 28, 1999 – contained details about the Application Programming Interface for the Definition Generation Service, but no source code.

They also found out that some of the source code of two of its security products – Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 – was indeed made available by the group online.

“Symantec can confirm that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued,” the company revealed on its Facebook page. “The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers.”

The company also claims that the code wasn’t stolen through a breach of its networks, but possibly by compromising the networks of a third party entity – a claim that seems to be confirmed by one of the hackers who hinted at a breach into an Indian government server.

“Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions,” the company insists. “Furthermore, there are no indications that customer information has been impacted or exposed at this time. However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information.”