Connect with us

Hi, what are you looking for?



Spammers Abuse Vulnerability in McAfee SaaS Total Protection Suite

Security vendor McAfee issued a patch on Thursday to address a problem impacting its SaaS Total Protection service, including a bug that allows attackers to turn a computer into a relay point for spam.

Security vendor McAfee issued a patch on Thursday to address a problem impacting its SaaS Total Protection service, including a bug that allows attackers to turn a computer into a relay point for spam.

The Intel-owned company’s SaaS Total Protection is an integrated suite of software-as-a-service (SaaS) offerings that includes Web filtering, antivirus and anti-spam capabilities. However, early this week users began complaining of a problem in the service’s ‘Rumor Technology,’ which uses file-sharing intelligence to distribute security updates within a network.

The idea behind Rumor is to enable McAfee McAfee SaaS Endpoint Protection installed agents to share anti-virus, anti-spyware and firewall product updates and upgrades with one another across a local area network, thereby saving bandwidth and management time.

However, users complained that service providers were blocking their IP address after noticing an increase in spam coming from their machines. Keith and Annabel Morrigan of British art company Kaamar warned in a blog post Monday that the issue turned affected computers into “open proxies” and that spammers were abusing port 6515.

“This means that your IP address can be used by anyone to bounce messages and spam on to other sites, as if coming from your address,” they wrote.

Though the vulnerability in the Rumor technology enables an attacker to use the machine as an “open relay,” it does not give the attacker access to data on the computer, Dave Marcus, director of security research for McAfee Labs, wrote in a blog post.

The other issue involved the abuse of an ActiveX control to execute code.

Advertisement. Scroll to continue reading.

“(This) issue has much in common with a similar issue patched in August 2011,” Marcus explained. “In fact, the patch delivered then basically cuts off the exploitation path for this issue, effectively reducing the risk to zero. Because of this, customer data is not directly at risk.”

McAfee customers using SaaS Total Protection will automatically receive the updates.

(Updated 3:05PM EST to Reflect the being being rolled out)

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.