The Register® — Biting the hand that feeds IT

Feeds

Spam-squirting hole found in McAfee antivirus kit

Ironic server-side flaw exploited, patch promised

By John Leyden, 19th January 2012
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.

SaaS for Total Protection, the vulnerable software, will be patched on "January 18 or 19, as soon as we have finished testing", McAfee promised in a blog post published on Wednesday.

Two security issues in SaaS for Total Protection product have cropped up over recent days. The first security scare involves the possibility that an attacker might misuse an ActiveX control to execute code. The second abuses McAfee's "rumor" (update) technology to turn machines running the SaaS for Total Protection client into spam-spewing open relays.

The spam-relay problem resulted in genuine inconvenience for some McAfee customers, whose email was blocked after their IP addresses appeared on blacklists, prompting complaints to McAfee's forums and blog posts on the issue (here and here).

McAfee said the first bug is already blocked by a patch it released to address a similar problem last August. However the second spam-relaying bug still needs some attention, hence the plan to release a server-side patch this week. Since SaaS for Total Protection is a managed product, customers will not be obliged to update their software themselves.

In its blog post, the security giant said that neither of the two security issues placed customer data at any risk of exposure. Its notice explains the impact of the spam-relay flaw, which has been actively abused by spammers.

"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them," it said. "Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability."

McAfee says both the issues are restricted to SaaS for Total Protection and don't affect any of its other products.

Old-school scammers used to search the net for open relays through which they might be able to send junk mail before the botnets became the preferred technique for sending junk mail around 10 years ago. Using zombie drones to spew spam is so much easier for crooks, because of the large number of tools that have been developed to automate the process. These tools allow junk mail to be sent out in burst through different machines, rather than the same open relay, a tactic that runs circles around less sophisticated spam-filtering techniques.

Perhaps recent botnet takedowns have prompted spammers to return to older techniques but our guess is that the McAfee spam relay flaw is something of a one-off, opportunistically seized upon and exploited by a small number of spammers. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (18)
Highly Rated
Wombling_Free
Reply Icon

Learned a lesson we have, young PFY?

Much like build their own lightsaber does a Jedi, build their own rig does the BOFH

Youngling PFYs the Ways of the Net must learn.

UNLEARN the ways of the Dark Side you must: UNLEARN your hard-drive of pre-installed software you must.

If from a store your PC have you purchased, know that filled with the Dark Side it is; full of corruption and fear it is.

Windows leads to malware; malware leads to McAfee; McAfee leads to anguish; anguish leads to pain; pain leads to fear; fear leads to the Dark Side; the Dark Side leads to Windows: A circle of anguish, fear, pain and spam Windows is, young PFY.

Only when cleansed you hard-drive is can your journey to BOFH begin. Alert to pre-installed software the BOFH always is. Mindful of pre-installed Windows the wise BOFH is. Clean USB Boot Drive a BOFH always carries. A BOFHs mind and discipline his weapons are; not these crude apps of anti-malware. From Saint Travaglia and The Reg does a BOFHs knowledge and wisdom flow. Trust not the lies spread by Darth Balmer; trust not the promises of low resource use from Darth Norton.

9
0
Les Moor

People still use McAfee products?

7
0
Anonymous Coward
Anonymous Coward

No problem

They can just install some anti-malware.

4
0

More from The Register

breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
124
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
57
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15
Panda-peddlers cuffed for chess gambling gambit
More porridge on the menu for Chinese coders after second offence
13