Spam-squirting hole found in McAfee antivirus kit
Ironic server-side flaw exploited, patch promised
McAfee is promising to patch a vulnerability in its hosted anti-malware service after it found a flaw that allowed systems where the product was installed to be turned into potential spam-relay nodes.
SaaS for Total Protection, the vulnerable software, will be patched on "January 18 or 19, as soon as we have finished testing", McAfee promised in a blog post published on Wednesday.
Two security issues in SaaS for Total Protection product have cropped up over recent days. The first security scare involves the possibility that an attacker might misuse an ActiveX control to execute code. The second abuses McAfee's "rumor" (update) technology to turn machines running the SaaS for Total Protection client into spam-spewing open relays.
The spam-relay problem resulted in genuine inconvenience for some McAfee customers, whose email was blocked after their IP addresses appeared on blacklists, prompting complaints to McAfee's forums and blog posts on the issue (here and here).
McAfee said the first bug is already blocked by a patch it released to address a similar problem last August. However the second spam-relaying bug still needs some attention, hence the plan to release a server-side patch this week. Since SaaS for Total Protection is a managed product, customers will not be obliged to update their software themselves.
In its blog post, the security giant said that neither of the two security issues placed customer data at any risk of exposure. Its notice explains the impact of the spam-relay flaw, which has been actively abused by spammers.
"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them," it said. "Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine. The forthcoming patch will close this relay capability."
McAfee says both the issues are restricted to SaaS for Total Protection and don't affect any of its other products.
Old-school scammers used to search the net for open relays through which they might be able to send junk mail before the botnets became the preferred technique for sending junk mail around 10 years ago. Using zombie drones to spew spam is so much easier for crooks, because of the large number of tools that have been developed to automate the process. These tools allow junk mail to be sent out in burst through different machines, rather than the same open relay, a tactic that runs circles around less sophisticated spam-filtering techniques.
Perhaps recent botnet takedowns have prompted spammers to return to older techniques but our guess is that the McAfee spam relay flaw is something of a one-off, opportunistically seized upon and exploited by a small number of spammers. ®
Learned a lesson we have, young PFY?
Much like build their own lightsaber does a Jedi, build their own rig does the BOFH
Youngling PFYs the Ways of the Net must learn.
UNLEARN the ways of the Dark Side you must: UNLEARN your hard-drive of pre-installed software you must.
If from a store your PC have you purchased, know that filled with the Dark Side it is; full of corruption and fear it is.
Windows leads to malware; malware leads to McAfee; McAfee leads to anguish; anguish leads to pain; pain leads to fear; fear leads to the Dark Side; the Dark Side leads to Windows: A circle of anguish, fear, pain and spam Windows is, young PFY.
Only when cleansed you hard-drive is can your journey to BOFH begin. Alert to pre-installed software the BOFH always is. Mindful of pre-installed Windows the wise BOFH is. Clean USB Boot Drive a BOFH always carries. A BOFHs mind and discipline his weapons are; not these crude apps of anti-malware. From Saint Travaglia and The Reg does a BOFHs knowledge and wisdom flow. Trust not the lies spread by Darth Balmer; trust not the promises of low resource use from Darth Norton.
People still use McAfee products?
They can just install some anti-malware.