Browse archive

Latest news

(IN)SECURE Magazine issue 34 released

Romanian hackers arrested for hitting government websites

17% of the world's PCs are unprotected

Dissecting modern privacy concerns

DNS-changing Trojan leads to phishing banking sites

Olympics fans targeted with lottery scam

WikiLeaks founder Assange loses extradition appeal

Security and privacy in the AWS cloud

UFED Touch: Field-ready mobile forensics solution

Securing the Virtual Environment

Flamer removal tool from Bitdefender

Hack In The Box conferences

McAfee closes spam-spewing hole in its anti-malware service

Posted on 20 January 2012.

McAfee has patched a vulnerability in its SaaS for Total Protection hosted anti-malware service that seems to have been misused by spammers to make users' computers spew out spam.

The flaw allowed attackers to use affected machines as an “open relays”, but didn't make available to them the data contained on the computers, said the company.

The vulnerability was discovered after a number of McAfee customers complained of having had their email blocked and IP addresses put on anti-spam blacklists. Fortunately, it took only a couple of days for the company to push out a patch for the issue and the customers' software to be automatically updated.

Another vulnerability - one which would allow an attacker to misuse an ActiveX control to execute code - was also detected in the SaaS for Total Protection solution this week, says the company, but a previous patch "cuts off the exploitation path for this issue, effectively reducing the risk to zero."

According to McAfee, the two bugs were present only in that particular service, and neither of them allowed attackers to access the data that customers have on their machines.