McAfee tackles 'spam hijack' flaw in anti-malware code

A leading anti-virus software firm says a flaw in one of its programs has exposed its customers' computers to the risk of being hijacked by spammers. McAfee said it planned to release a patch for its SaaS for Total Protection service by the end of Thursday. The software is marketed as a "peace of mind" solution offering "complete email and web protection". McAfee said there had been at least one related attack, but stressed that users' data had not been put at risk. The problem was exposed on British art firm Kaamar Limited's blog earlier this week. Keith and Annabel Morrigan posted a warning to other owners of the product after receiving a message alerting them to the fact that their server had been sending out spam emails. They said that further research had revealed their computer had been sending out the equivalent of what would have been 10 months' worth of normal traffic in one day. After linking the botnet attack to a problem with their anti-malware software's "Rumor Service" they said that they had alerted McAfee to the problem on 5 January. The owners of the Staffordshire-based business noted that their email address had been flagged up as a threat as a consequence of the attack, meaning that even their legitimate messages were now being blocked from delivery. "As an ultimate insult, even McAfee, whose software is at the root of our problems, now rate our email IP as 'High Risk': we can't email them as they have blacklisted us!" they wrote. Alternative products McAfee's director of security research, David Marcus, confirmed the problem with the firm's software on the firm's blog on Wednesday. He acknowledged "a misuse of our 'rumor' technology to allow an attacker to use an affected machine as an 'open relay', which could be used to send spam". "The... issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them. Although this issue can allow the relaying of spam, it does not give access to the data of an affected machine. "The forthcoming patch will close this relay capability." Computer security experts said that the affair should not dissuade computer users from installing protection software. "It is very unusual for products such as those from McAfee to have a security flaw, and the knowledge necessary to exploit such a flaw is rarer still. So, people should use products like this as otherwise you lay yourself open to far more likely attacks," said Prof Alan Woodward from the University of Surrey's Department of Computing. "There is an argument being expressed in the community of late that very popular products are more likely to be examined by hackers for flaws as any flaw would then give access to a high number of machines. But, using less well-known products means you do not necessarily have access to the same depth of expertise or the infrastructure available from the bigger brands."