McAfee software allows spam for hijacked PCs

McAfee software allows spam for hijacked PCs

Summary: McAfee is looking into a problem with a service in its SaaS Endpoint Protection software that appears to be allowing computers to serve as open proxies for sending spam.

SHARE:
TOPICS: Hardware, CXO
37


Photo credit: Credit: Mr.HinkyDink's UT Blog

McAfee is looking into a problem with a service in its SaaS Endpoint Protection software that appears to be allowing computers to serve as open proxies for sending spam, the company told CNET today.

"We are aware of the issue and have both threat analytics and development teams diligently analyzing the problem and possible solutions," the company said in a statement. "We will have more information on the issue shortly."

Related story: Symantec confirms hacker theft of Norton anti-virus source code:

A public relations representative said she was attempting to get more information on the matter but did not get back to CNET by the end of the work day. The problem was reported by McAfee customers on the Web who complained that their e-mails were being blocked by e-mail providers and their IP addresses were being blacklisted for sending spam.

The problem appears to be in the RumorServer Service myAgtSvc.exe, McAfee Peer Distribution Service, which is part of McAfee SaaS Endpoint Protection Suite, previously known as Total Protection Service, according to the Kaamar Blog. The technology, used for delivering updates to computers without a direct Internet connection, serves as an Open Proxy on Port 6515, which effectively opens the computer up to being used by spammers to use the computer to send spam to other sites that looks like it is coming from that IP address, the blog post says.

The Kaamar blog first detected a problem on January 4 when e-mail was returned undelivered with a message saying "Our system has detected an unusual rate of unsolicited mail originating from your IP address."

"Our Windows 2008 server was one of the computers affected. We first realised there was a problem on the 4th January 2012 when an email was returned undelivered with the message: "Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been blocked," the blog post says. "On checking through our mail logs, we also noticed that an earlier email sent 2nd January had been delayed with a message saying our IP was on the spamhaus/cbl list as being infected with a trojan spambot."

The Kaamar blog site was able to stop the traffic on January 5 but received a data limit warning from the ISP that the site was nearing its monthly limit for traffic in only a few days. The problem, which appeared to start December 31, 2011, caused the site to get the equivalent of 10 months of normal traffic in just one day, according to the post. Meanwhile, IP addresses for the site were on several public blacklists for spamming activity.

Mr.HinkyDink's UT Blog reported finding nearly 1,900 IP addresses serving as open proxies running the McAfee software since December 1, 2011.

The Kaamar blog has instructions for checking to see if a computer is affected and protecting computers until McAfee fixes the problem.

In the meantime, a McAfee customer posted on a Microsoft Technet forum that "McAfee has developed a patch that will instruct rumor to not respond to most incoming requests on port 6515. The patch will be posted through updates over a week time. The updated version will show 5.2.3 patch 4."

About Elinor Mills
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

Topics: Hardware, CXO

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

37 comments
Log in or register to join the discussion
  • RE: McAfee software allows spam for hijacked PCs

    i think the same thing is happen on msn email server
    escortboy01
    • RE: McAfee software allows spam for hijacked PCs

      @escortboy01
      hmmm..... I have noticed a LOT more spam in my Hotmail inbox lately.
      joeydog
  • I'm not a fan of McAfee

    This is why I don't much like McAfee. Personally I'm more of a Panda Cloud AV or Ad-aware person. I do like Avira but unfortunately it's not compatible with Threatfire which is supplementary protection made by PCTools.
    imanerd11
  • RE: McAfee software allows spam for hijacked PCs

    McAfee and Symantec products being crapware isn't news. It's simply a fact of the industry.
    johnukguy
    • RE: McAfee software allows spam for hijacked PCs

      @johnarkle@... Ooooh! I couldn't have said it better myself, my friend.
      Galidari
      • RE: McAfee software allows spam for hijacked PCs

        @Galidari

        Yeah, that is the biggest "open secret" in IT. Doesn't stop them from continuing to be rolled out across the organization though because "that is who has had the contract for 15 years and it would be too much trouble to switch".
        admiraljkb
    • RE: McAfee software allows spam for hijacked PCs

      @Galidari...it's not just a matter of roll-out difficulty, it's a matter of...when the sh*t hits the fan and the company CEO asks how it could happen would you rather say "Gee, boss, we're using the most widely used product in the industry" or "Gee, boss, the tech community says that Bob's anti-virus offers the most protection so I went with that product."

      I think Answer B would have you on the unemployment line faster than Answer A.
      DukeB
      • RE: McAfee software allows spam for hijacked PCs

        @Doug_N ...So, that's how Microsloth stays in business. Everybody knows it's unsecure junk, but it's too much trouble to change platforms.
        And, "But boss, it's what everybody else uses."
        captainanalog
    • RE: McAfee software allows spam for hijacked PCs

      @johnarkle@... Amen to that! McAfee/Symantec are SH!T
      Jselim
    • RE: McAfee software allows spam for hijacked PCs

      @johnarkle@... Very well put +10 :D
      MrElectrifyer
  • RE: McAfee software allows spam for hijacked PCs

    I'm shocked!!! SHOCKED!!! I say...
    Norton_is_Useless
    • RE: McAfee software allows spam for hijacked PCs

      @Norton_is_Useless LoL It's sickening... Do you hear me??? SICKENING!!!
      Jselim
  • RE: McAfee software allows spam for hijacked PCs

    The 2 worse products you can use are Mcaffee and Nortons.They find nothing and protect nothing. using either is like using a net without the neting.
    Fletchguy
  • RE: McAfee software allows spam for hijacked PCs

    This is very disturbing...first symantec source code stolen and now mcafee hacked? I'm having very similar issue, but I don't have that mcafee product. I have mcafee virus scan enterprise 8.5.0i.<br><br>A couple of weeks ago we had a user who had the "fake virus scan" on their PC. At that same time, we noticed that our smtp server wasn't sending out emails. It turns out that our IP has been blocked. Checking with mxtoolbox.com didn't show we were on any list, but going through the rejected mails show we were blocked by 88.blocklist.zap. We remove the malware on that PC and request to be unblocked. This week we were put back on the blocklist for some reason. Found out another user was infected with same malware "fake virus scan" I don't see how the heck mcafee is not blocking that from installing in the first place. And now I'm wondering if it's causing the spam mail that put us on the blocklist. The 88.blocklist.zap is own by microsoft. The second time we request to be removed took longer and I feel that if we get put back on the blocklist a third time, they might not remove us from the blocklist.
    npung@...
    • RE: McAfee software allows spam for hijacked PCs

      @npung@... I got hit Sunday night while surfing file download sites[serves me right]. I run WIN7 up to date and McAfee Enterprise Version number: 4.5.0.1719 Managed, and Chrome 16.0.912 as my browser. My PC locked up, and I got a screen telling me my PC was locked for access an illegal website and that I had to pay the Metropolitan Police to get it unlocked. I shut off my network connection, reboot and the same lock screen.

      After going through a safe boot, removing the lines inserted into the startup in the registry and isolating the program executed, deleting everything in my temp folders, running full virus scans with McAfee, Windows Defender and ESET, all of which found nothing. I was going to report to McAfee, I still have the details and was going to report it to McAfee but their website was too much trouble
      cathcam
    • RE: McAfee software allows spam for hijacked PCs

      @npung@... At least the Fake Viruse scan is easy problem to correct!
      aussieblnd@...
    • When those claiming

      @npung@... "We can protect you", can't protect themselves, you know for a fact the worse kept secret in "I.T. Security" has simply had any doubts removed about the charlatans they are: anti-* software has always been a scam built upon providing false hope to the sheeple; McAfee, Norton and so many others peddling false security as a matter of course.<br><br>If anyone here is surprised by this, than (like you), they've obviously been grossly misinformed over the years and trusting (..naive, gullible) enough to put their fate in others hands. <br><br>This is the problem with the great unwashed, masses: forever placing their faith in the wrong people. Meanwhile, those that have warned about just such events as these latest occurrences - for many years - have had their dire warnings fall on deaf ears.<br><br>[i]" ...Public Image, you got what you wanted."[/i]
      thx-1138_
  • RE: McAfee software allows spam for hijacked PCs

    There's a lot of bored talent out there and too many opportunities to stay bored.
    trm1945
  • I don't get hijacked...

    I don't even have to run McAfee or Norton or any of the fake protection that comes with Windows, it's called Linux Mint, works for me, suckers.
    tek_heretik
    • RE: McAfee software allows spam for hijacked PCs

      @tek_heretik

      +1

      :)
      ScorpioBlue