McAfee customers used to spread spam
McAfee is warning of a vulnerability in its Security-as-a-Service (SaaS) for Total Protection product which can be exploited to make affected machines relay spam. In a post on its blog, the company says that the problem in its hosted anti-malware service has now been fixed, noting that affected systems were updated on Thursday 19 January.
The vulnerability allowed attackers to use Total Protection users' computers as open email relays and to use this capability to send out spam messages. However, it apparently did not allow access to any customer data. The problem was discovered as a result of complaints from customers who found that their emails were being blocked and their IP addresses were being added to anti-spam blacklists.
ZDI recently disclosed details of a further vulnerability which apparently enabled attackers to execute embedded code. In response to an enquiry by The H's associates at heise Security, McAfee confirmed that this vulnerability no longer poses any risk. According to McAfee, it discovered a similar problem in August and fixed it by setting the kill bit for the relevant ActiveX control. The company says that this means that it is no longer possible to exploit the vulnerability reported by ZDI, adding that it was planning to remove the code giving rise to the vulnerability shortly.
The ineffective nature of communications between ZDI and McAfee is disquieting. In response to a heise Security enquiry, ZDI confirmed that it had regularly asked McAfee about the status of the vulnerability, but had received no response. McAfee itself was initially also unable to provide any clear information about the significance and status of the problem. The vulnerability appears to have simply slipped from the company's radar and then been blocked purely by chance.