ICQ is a popular Internet messaging service which allows users to track which of their friends and co-workers are online and send messages back and forth with them. Recently, however, it's users have been the target of a several malicious new attacks:
- Around May 13th, Seth McGann released his source code to an ICQ Spoofer which allowed anyone who compiled his program on a Unix machine to send a fake message to any person who had ICQ currently running on their computer. The spoofer can make the message appear to be from any ICQ UIN, including fake numbers as 1 or 666, or someone who is already in your list. Recently, several ICQ spoofer programs for Windows 95 have appeared, which make it even easier for people to use (and abuse) the program. A variation on the ICQ spoofer, known as the "ICQ bomber", sends hundreds (or thousands) of ICQ messages to the victim from random UIN's, rendering the victim's ICQ useless.
The new version of ICQ (98 beta ver 1.26) released on May 22nd, has been confirmed to be "Spoof-Proof". You can update your copy
- On May 31st, a new, even more potentially dangerous attack was released to the public, authord by someone named "firstname.lastname@example.org", called ICQ HiJaak. This program, which affects even the new "Spoof-Proof" ICQ (above), can allow someone to change your ICQ password without your authorization. Obviously, the attacker then has full control over your ICQ account, while you can do nothing.
Responsing to the problem, Mirabilis originally disabled the ability to change your password at all on June 3rd, 1998. About two weeks later, they released a new version of ICQ, 98 beta 1.30 which, while not confirmed, most likely fixes the latest security issues.
Back Orifice, by the interestingly-named hacker group "Cult of the Dead Cow", is a new (September '98) program for Windows 95 or 98 systems. Here's how it works: The attacker gains access to your system (in most cases, he/she must actually physically be sitting at your computer), and installs a small program that hides in the background. Then, from the comfort of their own home, they can take control of your system, manipulating (and deleting) files, changing system settings, and other mischief.
Back Orifice shouldn't be too big of a concern for most users, as it requires the attacker to (in most cases) have physical access to the computer being attacked. However, if you run a large number of publicity accessible computers, you should probably check to see if BO is installed, by downloading "BoDetect".