McAfee to plug spam hole this week

McAfee to plug spam hole this week

Summary: McAfee will release a fix this week for a bug in its software that scammers were using to distribute spam.

TOPICS: Security

McAfee will release a fix this week for a bug in its SaaS for Total Protection anti-malware service that scammers were using to distribute spam, the company said today.

The problem came to light after McAfee customers reported in blog posts and forum sites that spammers were using a hole in McAfee's RumorServer relay service to secretly send spam from their machines. The customers said they noticed the problem after their e-mails were blocked by e-mail providers and their IP addresses appeared on blacklists.

The problem is isolated to the SaaS Total Protection service, according to David Marcus, director of security research at McAfee Labs. There is no evidence that any customer data has been lost or compromised as a result of the problem, he said.

"The patch will be released on January 18 or 19, as soon as we have finished testing," Marcus wrote. "Because this is a managed product, all affected customers will automatically receive the patch when it is released.

There are two issues with the software. One vulnerability could allow an attacker to misuse an ActiveX control to execute code on victim's computer. The second one, which is the issue the customers complained about, allows an attacker to misuse the "open relay" technology in the software.

"The first issue has much in common with a similar issue patched in August 2011," Marcus wrote. "In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk."

"The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine," he said. "The forthcoming patch will close this relay capability."

About Elinor Mills
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I am already ahead of that

    I remove McCafee on sight, generally on new Dells that I set up. I remove it along with all of the other crapware when I first boot up the machine. Pity. There was a time when McCafee was my goto product for cleaning machines, but that was long ago.
  • RE: McAfee to plug spam hole this week

    Have you seen the news on the Norton vulnerability...much worse than McAfee.
  • RE: McAfee to plug spam hole this week

    Vulnerabilities, errors, false positives are a common theme among many AntiVirus - AntiMalware companies.

    How you separate the best from the worst are:
    1) How quick they address the problem.
    2)How often they have a problem.

    McAfee ranks worst, especially with the speed a known problem is actually addressed, instead of blaming it on the end user.