Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
McAfee has begun to plug a hole in its hosted anti-malware service that allowed spam to be relayed though subscribers, a feat that caused customer email and IP addresses to be blacklisted.
The flaw in the update server for SaaS for Total Protection, dubbed RumourServer, could be exploited to force connecting nodes to deliver spam.
“The second issue has been used to allow spammers to bounce off of affected machines, resulting in an increase of outgoing email from them,” McAfee security researcher director Dave Marcus said in a statement.
The flaw did not grant access to user data, however users who first reported the flaw said they were made aware after their IP and email addresses were added to blacklists for sending spam.
The update will be made server-side and will not require user intervention.
A separate hole could allow attackers to exploit an ActiveX control and remote execute code. This vulnerability was patched in an August update.
Copyright © SC Magazine, Australia
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.