Former Member
Message 1 of 3

Would McAfee place a redirect in a support email?

I got an email today that claimed to be from "noreply@". Now this could have been spoofed, and I will try to inspect the Internet header for evidence.

The content was HTML, and it contained the following:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<P>McAfee Labs has identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for a cyberattack that struck Google and a rapidly growing list of other companies. McAfee is working with our customers, partners, and the public to educate them on this dangerous cyberattack known as "Operation Aurora". <BR><BR>We have set up an informational web page </A>to get the latest information at <A href=""> you will find: <BR><BR>>> <A href="">A detailed document</A> to help you determine if you've been affected<BR>>> <A href="">An executive-level video briefing</A> explaining Operation Aurora from the McAfee Office of the CTO <BR>>> Evaluations of McAfee products to help ensure that you are protected<BR>>> Links to McAfee security professionals and other resources to help you protect your organization from Operation Aurora and similar attacks in the future<BR><BR>We invite you to visit this site frequently for updates on Operation Aurora. In addition, we will be hosting the Hacking Exposed live webcast on January 21, 2010 at 11 AM PST / 2 PM EST which will feature the latest up-to-date information on the Operation Aurora cyberattack. <A href="">Register Now.</A><BR><BR>Sincerely,<BR><BR>George Kurtz<BR><BR>WW Chief Technology Officer & Executive Vice President <BR><BR><BR>McAfee, Inc.</P>
<img src='' border=0 width=1px height=1px></BODY></HTML>
<P><FONT size=1>To manage your email preferences, please go </FONT><A href=""><FONT size=1>here</FONT></A><FONT size=1>.<BR><BR>McAfee, Inc.| 3965 Freedom Circle | Santa Clara, CA | 95054 | 888.847.8766 | </FONT><A href=""><FONT size=1></FONT></A><FONT size=1> <BR><BR>McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2010 McAfee, Inc. All rights reserved.</FONT></P>


The link in the email that claims to be McAfee actually goes to then redirects to McAfee.

Is this a legitimate email, or is this an attempt to actually launch an Aurora attack by claiming to spread knowledge about Aurora?

McAfee should not ever, I think, include a redirect in an email link.

Anyone know what is up?

Message was edited by: April Jacobs to remove email identity information from customer provided URL on 1/20/10 9:03:34 AM CST
2 Replies
Former Member
Message 2 of 3

Re: Would McAfee place a redirect in a support email?

Hi johnment,

This is a legitimate email. I believe Eloqua is the service McAfee uses to send communications to some of our customers.

I will make sure your feedback is routed appropriately. Thanks!

Message was edited by: April Jacobs on 1/20/10 8:57:28 AM CST
Former Member
Message 3 of 3

Re: Would McAfee place a redirect in a support email?

Hello, Johnment -- I can fill you in.

As do many corporations, McAfee has a hosting relationship (for several years) with Eloqua for email distribution and newsletter subscription management. With our own IT resources focused on our business, it makes sense to go with an expert in this area. Prior to our agreement, McAfee put Eloqua through a meticulous security screening and risk & compliance process.

The Eloqua system attaches click-open tracker code to URLs automatically for metric purposes. The information is private -- by McAfee and for McAfee alone. While these trackers have been ignored by our customers when the topic is a conference such as FOCUS '09, during a threat incident like "Operation Aurora" customers have a heightened sensitivity to emails and any link that is unfamiliar, with good reason.

McAfee is aware of these concerns; customer feedback has been passed on to our internal Eloqua management team to review our in-email linking guidelines, and to work with Eloqua to adjust the system. And, as the manager for the new customer Support Notification Service (SNS) that recently was launched and utilizes Eloqua, you can be sure that I am checking and adjusting the SNS system for concerns such as yours.

Thanks very much for the chance to respond ~
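
The question raised in the first post (where do the links in the HTML body really point?) and the click and open tracking described in the last reply can be triaged offline before anything is clicked. The following is an added example, not part of the thread and not McAfee's or Eloqua's code; the hosts `vendor.example` and `clicks.tracker.example`, the sample HTML and the `u` query parameter are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

EXPECTED_DOMAIN = "vendor.example"  # assumption: the domain the sender claims to be
# Constructed sample shaped like the quoted email; every host is a placeholder.
SAMPLE_HTML = """
<P><A href="http://clicks.tracker.example/r?u=http%3A%2F%2Fwww.vendor.example%2Finfo">A detailed document</A>
<A href="https://www.vendor.example/webcast">Register Now.</A>
<A href="http://clicks.tracker.example/r?id=42">here</A></P>
<img src='http://clicks.tracker.example/open.gif?id=42' border=0 width=1px height=1px>
"""

def under(host, domain):  # True if host is domain or a subdomain (label-boundary match)
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def classify_link(href):
    """Return (verdict, link_host, embedded_destination_host)."""
    parts = urlsplit(href)
    if under(parts.hostname, EXPECTED_DOMAIN):
        return ("direct", parts.hostname, None)
    # Some click trackers carry the final URL in a query value; others use an opaque id.
    for _, value in parse_qsl(parts.query):
        dest = urlsplit(value)
        if dest.scheme in ("http", "https") and dest.hostname:
            verdict = "redirect-to-expected" if under(dest.hostname, EXPECTED_DOMAIN) else "redirect-to-other"
            return (verdict, parts.hostname, dest.hostname)
    return ("third-party-opaque", parts.hostname, None)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.findings.append(classify_link(a["href"]))
        elif tag == "img" and a.get("src"):
            dims = {(a.get(k) or "").removesuffix("px") for k in ("width", "height")}
            if dims == {"1"}:  # 1x1 image: open-tracking beacon
                self.findings.append(("open-tracking-pixel", urlsplit(a["src"]).hostname, None))

def audit(html_body):
    parser = LinkAudit()
    parser.feed(html_body)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(*audit(SAMPLE_HTML), sep="\n")
```

A `third-party-opaque` verdict only says the first hop is outside the expected domain; the final destination of such a link cannot be determined from the message alone.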
