McAfee SaaS Antivirus Spews Spam

  /     /     /  
Publicated : 22/11/2024   Category : security


McAfee SaaS Antivirus Spews Spam


Spammers are actively exploiting a hole in the antivirus software to create spam relays; McAfee says patch is forthcoming.



Spammers have been exploiting a bug in McAfees software-as-a-service (SaaS) antivirus software to turn PCs into spam relays. As a result, a number of McAfees customers have had their emails blocked after their Internet protocol (IP) addresses were blacklisted by anti-spam services.
David Marcus, director of security research for McAfee Labs, posted a blog Wednesday detailing the
two bugs
being exploited to relay spam. Both bugs are in one of its products: McAfee SaaS Endpoint Protection Suite, formerly known as SaaS for Total Protection, which is a hosted anti-malware service.
McAfee, which is owned by Intel, has been actively developing and testing a patch for both bugs, which it plans to make live by Thursday. Because this is a managed product, all affected customers will automatically receive the patch when it is released, said Marcus.
[ Security threats are running high. See
Facebook Users Hit By Money-Grubbing Malware
. ]
Until the patch is ready, there are mitigating factors already in place that reduce risk for customers, according to Marcus. In addition, he said there was no evidence of loss or compromise of any customer data in relation to either of these issues. But network managers who want to be extra safe can proactively disable the Rumor or McAfee Peer Distribution Service, and set external firewalls to block incoming requests to port 6515. (The Kaamar.com website contains
detailed instructions
for doing this.)
One of the SaaS Endpoint Protection Suite bugs involves an ActiveX control, which an attacker could misuse to execute arbitrary code. Marcus said that a patch it put in place in August 2011, to address a similar issue, had prevented attackers from exploiting the new vulnerability to access customer data.
The second bug involves McAfees
Rumor technology
, which uses peer-to-peer networking to distribute security updates inside a network. Due to the bug, attackers can use machines that run the SaaS Endpoint Protection Suite as
open relays
for sending large amounts of spam.
Although this issue can allow the relaying of spam, it does not give access to the data on an affected machine, said Marcus. He said McAfees forthcoming patch will block the spam-relaying capability.
Two McAfee SaaS Endpoint Protection Suite customers, Keith and Annabel Morgan, posted a blog Monday saying that theyd had emails blacklisted by spam services, since the IP addresses on which they host their own servers were the same ones exploited by spammers via the spam-relay hole in the McAfee product. We found our IP addresses ... on several public blacklists that had detected the spamming activity passing through our open proxy during the few days it was open.
The couple said they first detected the problem on January 4, when an email was returned, undelivered, with a notice that all email from their IP was being blocked to protect people from spam. By the next day, they said, theyd disabled the Rumor technology and halted the spam relaying. But [we] received a traffic data limit warning from our ISP that we were approaching our whole months traffic in only a few days, they said. At peak we had the equivalent of 10 months of our normal traffic in one day.
ITs spending as much as ever on disaster recovery, despite advances in virtualization and cloud techniques. Its time to break free. Download our
Disaster Recovery Disaster
supplement now. (Free registration required.)

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
McAfee SaaS Antivirus Spews Spam