McAfee tackles 'spam hijack' flaw in anti-malware code

Discussion in 'Anti-Virus' started by Virus Guy, Jan 19, 2012.

  1. Virus Guy

    Virus Guy Guest

    http://www.bbc.co.uk/news/technology-16627713

    19 January 2012 Last updated at 06:47 ET
    McAfee tackles 'spam hijack' flaw in anti-malware code

    A leading anti-virus software firm says a flaw in one of its programs
    has exposed its customers' computers to the risk of being hijacked by
    spammers. McAfee said it planned to release a patch for its SaaS for
    Total Protection service by the end of Thursday. The software is
    marketed as a "peace of mind" solution offering "complete email and web
    protection".

    McAfee said there had been at least one related attack, but stressed
    that users' data had not been put at risk.

    The problem was exposed on British art firm Kaamar Limited's blog
    earlier this week. Keith and Annabel Morrigan posted a warning to other
    owners of the product after receiving a message alerting them to the
    fact that their server had been sending out spam emails.

    They said that further research had revealed their computer had been
    sending out the equivalent of what would have been 10 months' worth of
    normal traffic in one day. After linking the botnet attack to a problem
    with their anti-malware software's "Rumor Service" they said that they
    had alerted McAfee to the problem on 5 January.

    The owners of the Staffordshire-based business noted that their email
    address had been flagged up as a threat as a consequence of the attack,
    meaning that even their legitimate messages were now being blocked from
    delivery.

    "As an ultimate insult, even McAfee, whose software is at the root of
    our problems, now rate our email IP as 'High Risk': we can't email them
    as they have blacklisted us!" they wrote.
    Alternative products

    McAfee's director of security research, David Marcus, confirmed the
    problem with the firm's software on the firm's blog on Wednesday. He
    acknowledged "a misuse of our 'rumor' technology to allow an attacker to
    use an affected machine as an 'open relay', which could be used to send
    spam".

    "The... issue has been used to allow spammers to bounce off of affected
    machines, resulting in an increase of outgoing email from them. Although
    this issue can allow the relaying of spam, it does not give access to
    the data of an affected machine. "The forthcoming patch will close this
    relay capability."

    Computer security experts said that the affair should not dissuade
    computer users from installing protection software.

    "It is very unusual for products such as those from McAfee to have a
    security flaw, and the knowledge necessary to exploit such a flaw is
    rarer still. So, people should use products like this as otherwise you
    lay yourself open to far more likely attacks," said Prof Alan Woodward
    from the University of Surrey's Department of Computing.

    "There is an argument being expressed in the community of late that very
    popular products are more likely to be examined by hackers for flaws as
    any flaw would then give access to a high number of machines. But, using
    less well-known products means you do not necessarily have access to the
    same depth of expertise or the infrastructure available from the bigger
    brands."
     
    Virus Guy, Jan 19, 2012
    #1
    1. Advertisements

  2. Too phunny and very embarrassing for Intel.
     
    David H. Lipman, Jan 19, 2012
    #2
    1. Advertisements

  3. Virus Guy

    idbeholda Guest

    The whole thing smacks of irony. Oh well, that'll hopefully drive a
    few more away from McCrapee.
     
    idbeholda, Jan 20, 2012
    #3

  4. ;-)

    To think McAfee "is" HBSS. Oh the irony of it all.
     
    David H. Lipman, Jan 20, 2012
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.