Security software is supposed to keep your computer protected, but it’s not immune to flaws of its own. And when that happens, people suddenly find themselves targeted by the very attacks they thought they were protected from.
Such is the case for some owners of McAfee SaaS Endpoint Protection Suite. Some users of this security service recently began to notice that they were being treated as spammers. Email servers were blocking outgoing emails and users were having their IP address added to spam blacklists.
After some investigation, they found they were being treated as spammers because, well, they were. Their computer or computers had been turned into participants in spam networks.
This was possible not only in spite of, but because of, McAfee’s software. An unknown security flaw exists in the company’s Rumor Service, which is used to send updates to computers lacking a direct Internet connection. The flaw allows the service to be hijacked, at which point it creates an open proxy on port 6515. Spammers can route spam through that open proxy to disguise the source IP address. The spam then appears to come from fresh, unblocked addresses, which lets the spam network keep operating.
McAfee has confirmed the problem and stated that a patch is due shortly. In the meantime, you can turn off the Rumor Service and block the port via your firewall by following instructions created by one of the exploit’s victims.
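To check whether a machine is affected, or whether the workaround has taken effect, the following added example (not from McAfee or from the victim's instructions) audits Windows `netstat -ano` output for a listener on port 6515, outside clients connected to it, and outbound mail sent by the process that owns it. The sample output is constructed, the function names are hypothetical, and treating relayed spam as port 25 traffic is an assumption.

```python
import ipaddress

PROXY_PORT = 6515  # open-proxy port named in the article
SMTP_PORT = 25     # assumption: relayed spam leaves over plain SMTP
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample of Windows `netstat -ano` output, not taken from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6515           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.20:6515      192.168.1.31:50112     ESTABLISHED     2312
  TCP    192.168.1.20:6515      203.0.113.77:41822     ESTABLISHED     2312
  TCP    192.168.1.20:49733     198.51.100.9:25        ESTABLISHED     2312
  TCP    127.0.0.1:6515         0.0.0.0:0              LISTENING       2312
"""

def endpoint(text):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def is_internal(ip):
    return any(ip in net for net in INTERNAL)

def audit(netstat_text):
    """Return (finding, local, remote, pid) tuples for suspicious TCP rows."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # skips the header and UDP rows
            rows.append((endpoint(f[1]), endpoint(f[2]), f[3], f[4], f[1], f[2]))
    # PIDs that own a listener on the proxy port
    owners = {r[3] for r in rows
              if r[2] == "LISTENING" and r[0][1] == PROXY_PORT}
    findings = []
    for (lip, lport), (rip, rport), state, pid, ltxt, rtxt in rows:
        if state == "LISTENING" and lport == PROXY_PORT and not lip.is_loopback:
            findings.append(("exposed_listener", ltxt, rtxt, pid))
        elif state == "ESTABLISHED" and lport == PROXY_PORT and not is_internal(rip):
            findings.append(("external_client", ltxt, rtxt, pid))
        elif state == "ESTABLISHED" and rport == SMTP_PORT and pid in owners:
            findings.append(("smtp_from_proxy_owner", ltxt, rtxt, pid))
    return findings
```

Once the Rumor Service is turned off and the port is blocked at the firewall, `audit` should return an empty list for that host.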