McAfee To Issue Patch To Prevent Spam Hijacking

Intel’s security division, McAfee, has confirmed that it will shortly issue a patch to fix two potential vulnerabilities with its SaaS Total Protection anti-malware service.

One of the flaws could have turned an innocent computer system into a potential open spam-relay, which could allow attackers to use it to send out spam.

Spam Relays

The problems came to light after some users noticed that their Internet Service Providers (ISPs) had begun blocking their IP addresses after noting an increase in unsolicited email streaming from the affected computers.

“McAfee software has been hacked, turning the affected computers into “open proxies” and allowing dubious users to hijack their internet connection to access illicit sites and send spam, as if coming from them!” warned a blog, somewhat bizarrely belonging to a mosaic tile art firm (Kaamar).

The first problem stems from the misuse of McAfee’s peer-to-peer file sharing technology dubbed ‘Rumor’. This was created by McAfee to distribute security updates to computers without a direct internet connection (i.e. connected by an internal network).

The second issue involves the misuse of an ActiveX control in order to execute code.

Patches Promised

McAfee was quick to respond to the potential vulnerabilities and assured users that a patch was on the way.

“McAfee treats security issues in our products very seriously,” wrote David Marcus, McAfee’s director of security research, in a blog posting. He said that the problems do not affect all of the vendor’s products, but concern a single product, namely SaaS for Total Protection, its hosted anti-malware service.

“We have mitigating factors already in place that reduce risk, and a patch is coming to remediate any additional risk to our customers. The patch will be released on January 18 or 19, as soon as we have finished testing. Because this is a managed product, all affected customers will automatically receive the patch when it is released.”

McAfee said it had no evidence of loss or compromise of any customer data in relation to either of these issues.

Marcus did not go into further detail about the ActiveX problem, but admitted it had “much in common with a similar issue patched in August 2011.”

“In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero,” he wrote. “Because of this, customer data is not directly at risk.”

And regarding the Rumor problem that could potentially turn innocent machines into spam machines, McAfee acknowledged that the flaw has been exploited to “allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them.”

Symantec U-Turn

“Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine,” Marcus wrote in an attempt to reassure affected users. “The forthcoming patch will close this relay capability.”

The McAfee vulnerability comes after security rival Symantec was forced to admit embarrassingly that thieves had breached its servers and stolen the source code for a number of its security products, despite previous claims to the contrary.

Last November Kaspersky Lab warned that cyber criminals are increasingly behind fake antivirus software, which is nowadays getting much better at copying the look and feel of legitimate antivirus products.

Tom Jowitt


View Comments

  • Jeez, Windows. Gates could have fixed this years ago, but Symantec et al complained vehemently. This is not about security, it's about money. Get a Mac.
