McAfee fixes hosted-service spam flaw

McAfee puts Total Protection together again.

McAfee has issued a patch for a flaw in its hosted anti-malware service Total Protection which allowed spammers to hijack customers machines to serve spam.

McAfee said in a blog post announcing the patch that there was no evidence of any loss of customer data in relation to two threats to customers.

“In the first, an attacker might misuse an ActiveX control to execute code. The second involves a misuse of our “rumor” technology to allow an attacker to use an affected machine as an “open relay,” which could be used to send spam,” wrote David Marcus McAfee’s security research director.

Marcus said a patch by McAfee that dealt with a similar issue last August prevented any risk to customer data, however the remaining problems allowed spammers to “bounce off” affected machines, resulting in an increase in outbound email.

Tipping Point, HP’s network division security unit, discovered the flaw last April, but released details last week, despite the lack of a patch. The unit maintains a policy to disclose a flaw three months after notifying the affected vendor.

Marcus said customers around the world should receive the patch automatically on either 18 or 19 January.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

More about etworkHewlett-Packard AustraliaHPMcAfee Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

More videos

Blog Posts