Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

McAfee due to patch spam relay problem in cloud product

The flaw in McAfee's SaaS for Total Protection can be used by attackers to send spam from victims' computers

McAfee expects to patch by Thursday two problems with its SaaS Total Protection antimalware service, one of which lets an attacker use a computer as a spam relay.

SaaS Total Protection is a hosted security service from Intel-owned McAfee. Clients sign up for the service, which provides features such as a firewall, antivirus scans and antispam services that run in McAfee's data centers.

One of the issues allows spammers to "bounce off" affected machines and allow the relaying of spam, Dave Marcus, director of security research for McAfee, wrote on Wednesday.

The problem came to light when some users reported their service providers had blocked their IP address after noticing an uptick in unsolicited email streaming from their computers.

The vulnerability can be exploited by misusing McAfee's "Rumor," a peer-to-peer file sharing technology the company developed to distribute security updates within an internal network. The spam-related problem does not, however, allow an attacker to gain access to data on the computer, Marcus wrote.

The other issue involves abuse of an ActiveX control, which is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates.

Marcus did not elaborate further on the problem but wrote that it "has much in common with a similar issue patched in August 2011. In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk."

Patches should be ready following testing by Thursday, Marcus wrote. McAfee customers using SaaS Total Protection will automatically receive the updates.

Send news tips and comments to jeremy_kirk@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, Intel, McAfee
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: mcafee, security
Latest Blog Posts
Whitepapers
  • Work Life Web 2011
    The 2011 WorkLifeWeb research shows that, while the new social Web is a potential tool for corporate success, there are ‘social media growing pains’ in evidence among both frontline workers and their managers.
    Learn more »
  • Business Intelligence Best Practices for Dashboard Design
    Even if a dashboard’s appearance looks professional and is aesthetically pleasing, appearances can be deceiving. Although visual design is important, it is also important to ask yourself: Is the data reliable? Is it timely? Is any data missing? Is it consistent across all dashboards?. This paper offers an overview of best practice business intelligence (BI) dashboard design principles and discusses data integration options for getting data into a dashboard.
    Learn more »
  • IDC Insight: V-Ray Gives Symantec NetBackup a Competitive Advantage Today and into the Future
    Over a decade ago, Veritas software announced NetBackup FlashBackup to address the millions of small files problem, which had been and often remains the nemesis to fast and efficient backup of large file servers. Today, the FlashBackup technology is used to provide a logical understanding of what is stored with a VMDK- or VHD-image-level backup, without the necessity to install an agent inside each virtual machine. Read more.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments