Feeds

Spam-squirting hole found in McAfee antivirus kit

Ironic server-side flaw exploited, patch promised

The Power of One eBook: Top reasons to choose HP BladeSystem

McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.

SaaS for Total Protection, the vulnerable software, will be patched on "January 18 or 19, as soon as we have finished testing", McAfee promised in a blog post published on Wednesday.

Two security issues in SaaS for Total Protection product have cropped up over recent days. The first security scare involves the possibility that an attacker might misuse an ActiveX control to execute code. The second abuses McAfee's "rumor" (update) technology to turn machines running the SaaS for Total Protection client into spam-spewing open relays.

The spam-relay problem resulted in genuine inconvenience for some McAfee customers, whose email was blocked after their IP addresses appeared on blacklists, prompting complaints to McAfee's forums and blog posts on the issue (here and here).

McAfee said the first bug is already blocked by a patch it released to address a similar problem last August. However the second spam-relaying bug still needs some attention, hence the plan to release a server-side patch this week. Since SaaS for Total Protection is a managed product, customers will not be obliged to update their software themselves.

In its blog post, the security giant said that neither of the two security issues placed customer data at any risk of exposure. Its notice explains the impact of the spam-relay flaw, which has been actively abused by spammers.

"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them," it said. "Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability."

McAfee says both the issues are restricted to SaaS for Total Protection and don't affect any of its other products.

Old-school scammers used to search the net for open relays through which they might be able to send junk mail before the botnets became the preferred technique for sending junk mail around 10 years ago. Using zombie drones to spew spam is so much easier for crooks, because of the large number of tools that have been developed to automate the process. These tools allow junk mail to be sent out in burst through different machines, rather than the same open relay, a tactic that runs circles around less sophisticated spam-filtering techniques.

Perhaps recent botnet takedowns have prompted spammers to return to older techniques but our guess is that the McAfee spam relay flaw is something of a one-off, opportunistically seized upon and exploited by a small number of spammers. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.