Huge Security Breach at Security Firm Symantec No Threat to Consumers, Analyst Says

One of the biggest security firms in the world may need to boost its own security: A hacker stole the source code behind Symantec's industry-leading antivirus program.

The code theft from the security giant will not likely affect the average computer user or compromise his computer, an analyst told -- but the breach is certain to leave the Fortune 500 company red-faced.

"This is going to end up being egg on the face of Symantec more than anything else," Anup Ghosh, founder and CEO of Virginian security firm Invincea, told "What they're trying to do here is embarrass companies. These guys are out there flexing their muscles, saying 'Hey, I have source code from Symantec to publicly humiliate them."

Ghosh called the security breach a real business risk more than anything else, one that may lead to a loss of confidence in Symantec and potential loss of market share for the publicly traded firm.

"The headline is very embarrassing to Symantec," Ghosh continued. "But this has now become the normal in securities. Every single corporation is susceptible to threats."

Calls seeking comment from Symantec were not immediately returned on Friday.

In a statement to late Thursday, the Californian firm confirmed that source code used in two of its older enterprise security products was publicly exposed by hackers this week.

The compromised code -- between four and five years old -- does not affect Symantec's consumer-oriented Norton products as had been previously speculated, Symantec said.

"Our own network was not breached, but rather that of a third-party entity," the statement read. "We are still gathering information on the details and are not in a position to provide specifics on the third-party involved. Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec's solutions."

Symantec spokesman Cris Paden told Computerworld that the two affected products were Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2, both of which are more than five years old.

"We're taking this extremely seriously, but in terms of a threat, a lot has changed since these codes were developed," Paden told the website. "We distributed 10 million new signatures in 2010 alone. That gives you an idea of how much these products have morphed since then, when you're talking four and five years."

An Indian hacking group reportedly identifying itself as Lords of Dharmaraja claimed it had accessed source code for Symantec's Norton AV products. Using the handle "YamaTough," a member of the group initially posted several documents on Pastebin and Google+ that were purportedly proof that the group had accessed Symantec's source code.

Those initial documents, however, were not source code, but rather publicly available information from a 1999 document, Paden told Computerland. A second set of documents posted by the group did contain segments of source code, he said.

In a blog post on the code leak, Rob Rachwald, director of security for Imperva, a U.S.-based data security company, said the incident isn't likely to keep the Symantec folks "awake too late" at night.

"After all, there isn’t much hackers can learn from the code which they hadn’t known before," Rachwald wrote. "Why? Most of the anti-virus product is based on attack signatures. By basing defenses on signatures, malware authors continuously write malware to evade signature detection (in 2007, antivirus could only detect between 20-30% of malware)."