The flaw in McAfee’s SaaS for Total Protection can be used by attackers to send spam from victims’ computers
LONDON (01/19/2012) – McAfee expects to patch by Thursday two problems with its SaaS Total Protection antimalware service, one of which lets an attacker use a computer as a spam relay.
SaaS Total Protection is a hosted security service from Intel-owned McAfee. Clients sign up for the service, which provides features such as a firewall, antivirus scans and antispam services that run in McAfee’s data centers.
One of the issues allows spammers to “bounce off” affected machines and allow the relaying of spam, Dave Marcus, director of security research for McAfee, wrote on Wednesday.
The problem came to light when some users reported their service providers had blocked their IP address after noticing an uptick in unsolicited email streaming from their computers.
The vulnerability can be exploited by misusing McAfee’s “Rumor,” a peer-to-peer file sharing technology the company developed to distribute security updates within an internal network. The spam-related problem does not, however, allow an attacker to gain access to data on the computer, Marcus wrote.
The other issue involves abuse of an ActiveX control, which is a small add-on program that works in a Web browser to facilitate the downloading of programs or security updates.
Marcus did not elaborate further on the problem but wrote that it “has much in common with a similar issue patched in August 2011. In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk.”
Patches should be ready following testing by Thursday, Marcus wrote. McAfee customers using SaaS Total Protection will automatically receive the updates.Related Download
Cisco Secure Mobility Knowledge Hub
This Knowledge Hub provides an end-to-end look at what it takes to discover, plan, and implement a successful Secure Mobility strategy.