McAfee Tackles 'Spam Hijack' Flaw in Anti-Malware Code

A flaw in the security vendor's cloud-based service allows users' systems to be used by spammers.

BBC News: Security vendor McAfee says it will release a patch for its cloud-based Total Protection service by the end of the day Thursday. Earlier this week, a British art firm that uses McAfee's SaaS to protect its networks discovered that their servers were sending out the equivalent of 10 months' worth of e-mail traffic every day. As a result, many security products had flagged the firm as spammers and were blocking the company's messages. "As an ultimate insult, even McAfee, whose software is at the root of our problems, now rate our email IP as 'High Risk': we can't email them as they have blacklisted us!" the firm blogged.

McAfee explained that a feature of McAfee's technology was inadvertently allowing "spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data of an affected machine." It added. "The forthcoming patch will close this relay capability."




Tags: spam, SaaS, security vulnerability, McAfee


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.