Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


McAfee software allows spam for hijacked PCs

  • Please log in to reply
No replies to this topic

#1 Union_Thug


    Bleeps with the fishes...

  • Members
  • 2,355 posts
  • Gender:Male
  • Location:is everything
  • Local time:05:27 PM

Posted 18 January 2012 - 03:53 PM


The problem appears to be in the RumorServer Service myAgtSvc.exe, McAfee Peer Distribution Service, which is part of McAfee SaaS Endpoint Protection Suite, previously known as Total Protection Service, according to the Kaamar Blog. The technology, used for delivering updates to computers without a direct Internet connection, serves as an Open Proxy on Port 6515, which effectively opens the computer up to being used by spammers to use the computer to send spam to other sites that looks like it is coming from that IP address, the blog post says.


"Our Windows 2008 server was one of the computers affected. We first realised there was a problem on the 4th January 2012 when an email was returned undelivered with the message: "Our system has detected an unusual rate of unsolicited mail originating from your IP address. To protect our users from spam, mail sent from your IP address has been blocked," the blog post says. "On checking through our mail logs, we also noticed that an earlier email sent 2nd January had been delayed with a message saying our IP was on the spamhaus/cbl list as being infected with a trojan spambot."

The Kaamar blog site was able to stop the traffic on January 5 but received a data limit warning from the ISP that the site was nearing its monthly limit for traffic in only a few days. The problem, which appeared to start December 31, 2011, caused the site to get the equivalent of 10 months of normal traffic in just one day, according to the post. Meanwhile, IP addresses for the site were on several public blacklists for spamming activity.

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users