McAfee patches spam relay flaw

Powered by SC Magazine
 

Customers find their email and IP addresses on blacklists.

McAfee has begun to plug a hole in its hosted anti-malware service that allowed spam to be relayed though subscribers, a feat that caused customer email and IP addresses to be blacklisted.

The flaw in the update server for SaaS for Total Protection, dubbed RumourServer, could be exploited to force connecting nodes to deliver spam.

“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them,” McAfee security researcher director Dave Marcus said in a statement.

The flaw did not grant access to user data, however users who first reported the flaw said they were made aware after their IP and email addresses were added to blacklists for sending spam.

The update will be made server-side and will not require user intervention.

A separate hole could allow attackers to exploit an ActiveX control and remote execute code. This vulnerability was patched in an August update.

Copyright © SC Magazine, Australia


McAfee patches spam relay flaw
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 888

Vote