McAfee To Issue Patch To Prevent Spam Hijacking

Intel’s security division, McAfee, has confirmed that it will shortly issue a patch to fix two potential vulnerabilities with its SaaS Total Protection anti-malware service.

One of the flaws could have turned a innocent computer system into a potential open spam-relay, which could allow attackers to use it to send out spam.

Spam Relays

The problems came to light after some users began to notice that their Internet Service Providers (ISPs) had begun blocking their IP addresses, after they had begun noting an increase in unsolicited email streaming from the affected computers.

“McAfee software has been hacked, turning the affected computers into “open proxies” and allowing dubious users to hijack their internet connection to access illicit sites and send spam, as if coming from them!” warned a blog, somewhat birrazely belonging to a mosaic tile art firm (Kaamar).

The first problem stems from the misuse of McAfee’s peer-to-peer file sharing technology dubbed ‘Rumor’. This was created by McAfee to distribute security updates to computers without a direct internet connection (i.e. connected by an internal network).

The second issue involves the misuse of an ActiveX control in order to execute code.

Patches Promised

McAfee was quick to respond to the potential vulnerabilities and assured users that a patch was on the way.

“McAfee treats security issues in our products very seriously,” wrote David Marcus, McAfee’s director of security research on a blog posting. He said that the problems affect all of the vendor’s products, but concerns a single product, namely SaaS for Total Protection, its hosted anti-malware service.

“We have mitigating factors already in place that reduce risk, and a patch is coming to remediate any additional risk to our customers. The patch will be released on January 18 or 19, as soon as we have finished testing. Because this is a managed product, all affected customers will automatically receive the patch when it is released.”

McAfee said it had not no evidence of loss or compromise of any customer data in relation to either of these issues.

Marcus did not go into further detail about the ActiveX problem, but admitted it had “much in common with a similar issue patched in August 2011.”

“In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero,” he wrote. “Because of this, customer data is not directly at risk.”

And regarding the Rumor problem that could potentially turn innocent machines into spam machines, McAfee acknowledged that the flaw has been exploited to “allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them.”

Symantec U-Turn

“Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine,” Marcus wrote in an attempt to reasure affected users. “The forthcoming patch will close this relay capability.”

The McAfee vulnerability comes after security rival Symantec was forced to admit embarrassingly that thieves had breached its servers and stolen the source code for a number of its security products, despite previous claims to the contrary.

Last November Kaspersky Lab warned that cyber criminals are increasingly behind fake antivirus software, which is nowadays getting much better at copying the look and feel of legitimate antivirus products.