| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to McAfee's SaaS Endpoint Protection software allowing computers to serve as open proxies for sending spam has happened again within the same organization. The incident was reported by McAfee customers who complained about their e-mails being blocked by e-mail providers and their IP addresses being blacklisted for sending spam [9773].
(b) The incident of computers serving as open proxies running the McAfee software has also been reported at other organizations. Mr.HinkyDink's UT Blog reported finding nearly 1,900 IP addresses serving as open proxies running the McAfee software since December 1, 2011 [9773]. |
| Phase (Design/Operation) |
design |
(a) The software failure incident in Article 9773 was related to the design phase. McAfee's SaaS Endpoint Protection software had a problem with the RumorServer Service myAgtSvc.exe, which was part of the software suite. This service, used for delivering updates to computers without a direct Internet connection, was found to be serving as an Open Proxy on Port 6515, allowing computers to be used by spammers to send spam. This design flaw in the software allowed the system to be misused for spamming activities, indicating a failure in the design phase of the software [9773]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident with McAfee's SaaS Endpoint Protection software was due to a problem within the system itself. The issue was specifically related to the RumorServer Service myAgtSvc.exe, McAfee Peer Distribution Service, which is part of the software suite. This service was found to be serving as an Open Proxy on Port 6515, allowing computers to be used by spammers to send spam, leading to e-mails being blocked and IP addresses being blacklisted [9773].
(b) outside_system: The software failure incident also involved contributing factors that originated from outside the system. McAfee customers reported the problem when their e-mails were being blocked by e-mail providers and their IP addresses were being blacklisted for sending spam. Additionally, Mr.HinkyDink's UT Blog found nearly 1,900 IP addresses serving as open proxies running the McAfee software since December 1, 2011, indicating external consequences of the software failure incident [9773]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident in this case was primarily due to non-human actions. The problem was related to a service in McAfee's SaaS Endpoint Protection software that was allowing computers to serve as open proxies for sending spam. This issue was detected by the Kaamar Blog, which found that the technology serving as an Open Proxy on Port 6515 was effectively opening up the computers to be used by spammers to send spam. Additionally, Mr.HinkyDink's UT Blog reported finding nearly 1,900 IP addresses serving as open proxies running the McAfee software since December 1, 2011 [9773]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident reported in Article 9773 was primarily due to a software issue rather than hardware. The problem was identified in the RumorServer Service myAgtSvc.exe, part of McAfee SaaS Endpoint Protection Suite, which was serving as an open proxy for sending spam. This issue allowed spammers to use affected computers to send spam, leading to e-mails being blocked and IP addresses being blacklisted [9773].
(b) The software failure incident in Article 9773 was caused by a software issue within the McAfee SaaS Endpoint Protection software. The specific problem was related to the RumorServer Service myAgtSvc.exe, which was identified as part of the McAfee Peer Distribution Service. This software flaw allowed computers to be used as open proxies for sending spam, resulting in e-mails being blocked and IP addresses being blacklisted for spamming activity [9773]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case appears to be malicious in nature. The problem with the McAfee SaaS Endpoint Protection software allowed computers to serve as open proxies for sending spam, indicating that the issue was exploited by spammers to use the affected computers to send spam emails [9773].
Additionally, the incident involved the detection of an unusual rate of unsolicited mail originating from the affected IP addresses, indicating that the software vulnerability was actively being used for malicious purposes [9773]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to the McAfee SaaS Endpoint Protection software allowing computers to serve as open proxies for sending spam appears to be a result of poor decisions. The incident was caused by a vulnerability in the RumorServer Service myAgtSvc.exe, McAfee Peer Distribution Service, which effectively opened up computers to be used by spammers to send spam from the affected IP addresses [9773]. McAfee customers reported their emails being blocked and IP addresses being blacklisted for sending spam, indicating that the software's design flaw led to unintended consequences [9773]. McAfee responded by developing a patch to address the issue and prevent the software from responding to most incoming requests on the problematic port [9773].
(b) The software failure incident could also be attributed to accidental decisions or unintended consequences. The problem with the software allowing computers to be used as open proxies for sending spam was not intentional but rather a result of a vulnerability that was exploited by spammers [9773]. The incident was first detected by the Kaamar blog, which noticed unusual email activity originating from affected IP addresses, leading to the realization that the computers were being used for spamming without the users' knowledge [9773]. McAfee's response to the incident, including developing a patch to mitigate the issue, indicates that the consequences were unintended and required corrective action [9773]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident reported in the articles seems to be related to development incompetence. McAfee's SaaS Endpoint Protection software had a problem with the RumorServer Service myAgtSvc.exe, which was serving as an open proxy for sending spam. McAfee customers complained about their emails being blocked and their IP addresses being blacklisted for sending spam. The issue was detected by the Kaamar Blog, which found that nearly 1,900 IP addresses were serving as open proxies running the McAfee software since December 1, 2011. McAfee mentioned that their threat analytics and development teams were diligently analyzing the problem and possible solutions, indicating a failure that could be attributed to development incompetence [9773].
(b) The software failure incident could also be considered accidental as the problem with the RumorServer Service myAgtSvc.exe in McAfee's SaaS Endpoint Protection software was not intentional. The issue allowed computers to be used as open proxies for sending spam, which was not the intended function of the software. McAfee was working on a patch to address the problem, indicating that the issue was not deliberately introduced but rather an unintended consequence of the software's functionality [9773]. |
| Duration |
temporary |
(a) The software failure incident in this case appears to be temporary rather than permanent. McAfee is actively working on analyzing the problem and developing solutions to address the issue with their SaaS Endpoint Protection software. They have identified the specific service, RumorServer Service myAgtSvc.exe, as the source of the problem and are in the process of releasing a patch to mitigate the issue. The patch is expected to be rolled out through updates over a week's time, indicating that the failure is not permanent but rather a temporary issue that can be resolved with the implementation of the patch [9773]. |
| Behaviour |
omission, value, other |
(a) crash: The software failure incident in the articles does not involve a crash where the system loses state and does not perform any of its intended functions.
(b) omission: The software failure incident involves omission where the system omits to perform its intended functions at an instance(s). McAfee's SaaS Endpoint Protection software was allowing computers to serve as open proxies for sending spam, which was not the intended function of the software [9773].
(c) timing: The software failure incident does not involve timing issues where the system performs its intended functions correctly but too late or too early.
(d) value: The software failure incident involves a value issue where the system performs its intended functions incorrectly. In this case, the software was opening computers up to being used by spammers to send spam, which is not the correct function of the software [9773].
(e) byzantine: The software failure incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions.
(f) other: The other behavior in this software failure incident is the software acting as an open proxy for sending spam, which is a misuse of the software's capabilities and not a typical failure mode [9773]. |