McAfee Total Protection was a spam relay

McAfee patched two problems with its SaaS Total Protection antimalware service, one of which could have turned your computer into a spam relay.

SaaS Total Protection was McAfee’s hosted security service. Punters get features like a firewall, antivirus scans and antispam services that run from McAfee’s data centers.

However, one of the problems is it that it allowed spammers to “bounce off” affected machines and allow the relaying of spam.

Dave Marcus, director of security research for McAfee said that the flaw came to light when users started to complain that their ISPs had blocked their IP address, after noticing an uptick in spam streaming from their computers.

The spammer does not get direct control of the computer but uses McAfee’s “Rumor”, which is a peer-to-peer file sharing technology the company developed to distribute security updates within an internal network.

The other patched problem used an ActiveX control, which is a small add-on program that works in a web browser to facilitate downloading programs or security updates.

Marcus said that the flaw has much in common with a similar problem patched in August 2011, and that the patch cuts off the exploitation path for the problem, but it looks like McAfee killed off two of its troubles at the same time.