McAfee has issued a patch for a flaw in its hosted anti-malware service Total Protection which allowed spammers to hijack customers machines to serve spam.
McAfee said in a blog post announcing the patch that there was no evidence of any loss of customer data in relation to two threats to customers.
“In the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our “rumor” technology to allow an attacker to use an affected machine as an “open relay,” which could be used to send spam,” wrote David Marcus McAfee’s security research director.
Marcus said a patch by McAfee that dealt with a similar issue last August prevented any risk to customer data, however the remaining problems allowed spammers to “bounce off” affected machines, resulting in an increase in outbound email.
Tipping Point, HP’s network division security unit, discovered the flaw last April, but released details last week, despite the lack of a patch. The unit maintains a policy to disclose a flaw three months after notifying the affected vendor.
Marcus said customers around the world should receive the patch automatically on either 18 or 19 January.